Unrated severityNVD Advisory· Published Sep 11, 2009· Updated Jun 16, 2026
CVE-2008-7214
CVE-2008-7214
Description
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
Affected products
5cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*range: <=4.6.3
- cpe:2.3:a:mambo-foundation:mambo:4.6.2:*:*:*:*:*:*:*
- (no CPE)range: <=4.6.3
Patches
Vulnerability mechanics
References
8- osvdb.org/42531nvdExploit
- www.bugreport.ir/index_33.htmnvdExploit
- secunia.com/advisories/28670nvdVendor Advisory
- www.vupen.com/english/advisories/2008/0325nvdVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2008-02/0444.htmlnvd
- forum.mambo-foundation.org/showthread.phpnvd
- www.securityfocus.com/archive/1/487128/100/200/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/39985nvd
News mentions
0No linked articles in our index yet.