{"api_version":"1","generated_at":"2026-04-24T05:03:37+00:00","cve":"CVE-2013-5316","urls":{"html":"https://cve.report/CVE-2013-5316","api":"https://cve.report/api/cve/CVE-2013-5316.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-5316","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-5316"},"summary":{"title":"CVE-2013-5316","description":"Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2013-08-20 14:55:00","updated_at":"2017-08-29 01:33:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"http://www.exploit-db.com/exploits/27315","name":"27315","refsource":"EXPLOIT-DB","tags":["Exploit"],"title":"RiteCMS 1.0.0 - Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86193","name":"ritecms-index-csrf(86193)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html","name":"http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html","refsource":"MISC","tags":["Exploit"],"title":"Rite CMS 1.0.0 Cross Site Request Forgery / Cross Site Scripting ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/61587","name":"61587","refsource":"BID","tags":[],"title":"RiteCMS Cross Site Scripting and Cross Site Request Forgery Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-5316","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-5316","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"5316","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ritecms","cpe5":"ritecms","cpe6":"1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"5316","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ritecms","cpe5":"ritecms","cpe6":"1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2013-5316","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"61587","refsource":"BID","url":"http://www.securityfocus.com/bid/61587"},{"name":"http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/122663/Rite-CMS-1.0.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"},{"name":"ritecms-index-csrf(86193)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86193"},{"name":"27315","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/27315"}]}},"nvd":{"publishedDate":"2013-08-20 14:55:00","lastModifiedDate":"2017-08-29 01:33:00","problem_types":["CWE-352"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ritecms:ritecms:1.0.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"5316","Ordinal":"64994","Title":"CVE-2013-5316","CVE":"CVE-2013-5316","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"5316","Ordinal":"1","NoteData":"Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"5316","Ordinal":"2","NoteData":"2013-08-20","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"5316","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}