CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3736

MEDIUM
6.0
CVSS Severity Score
EPSS Score0.0450%
EPSS Percentile20.95th
PublishedAug 27, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.

Affected Platforms (CPE)

πŸ“¦
Spacetag

Lacoodast

<= 2.1.3
πŸ“¦
System Consultants

La Cooda Wiz

<= 1.4.0

References & Advisories

πŸ”— http://jvn.jp/en/jp/JVN83428818/index.html
πŸ”— http://secunia.com/advisories/31574
πŸ”— http://secunia.com/advisories/31582
πŸ”— http://wiz.syscon.co.jp/Details.htm
πŸ”— http://www.securityfocus.com/bid/30791
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/44592
πŸ”— http://jvn.jp/en/jp/JVN83428818/index.html
πŸ”— http://secunia.com/advisories/31574

Related Vulnerabilities

CVE-2008-373710.0

Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier al...

CVE-2008-37389.1

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecif...

CVE-2008-37394.3

Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...