{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T03:53:30.885","vulnerabilities":[{"cve":{"id":"CVE-2007-5918","sourceIdentifier":"cve@mitre.org","published":"2007-11-10T02:46:00.000","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php."},{"lang":"es","value":"Vulnerabilidad en la falsificación de petición en sitios cruzados (CSRF) en el edit.php del MS TopSites add-on para el PHP-Nuke, no verifica que el parámetro uname concuerde con la cuenta actual, lo que permite a usuarios remotos autenticados cambiar cuentas de su elección o cambiar el campo SiteTitleName como un usuario de su elección a través de la modificación del valor uname en una acción de edición (\"edit\") en el modules.php."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ms_topsites:ms_topsites:*:*:*:*:*:*:*:*","matchCriteriaId":"2D6FA7AD-D57D-489B-9083-54C64E920F4F"}]}]}],"references":[{"url":"http://0x90.com.ar/Advisory/20071106.txt","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/483353/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/26358","source":"cve@mitre.org"},{"url":"http://0x90.com.ar/Advisory/20071106.txt","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/483353/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/26358","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}