MEDIUM🇵🇱 Wersja polska

CVE-2013-7259

CVSS 6.8v2.0pub. 2014-04-29upd. 2026-05-06

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.

CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Neo4j

    APP
    Neo4J
    1.9.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2021-34371CRITICAL9.8ten sam produkt

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...

CVE-2018-18389CRITICAL9.8ten sam produkt

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP fo...

CVE-2024-34517MEDIUM6.5ten sam produkt

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an a...

CVE-2026-1497LOW2.0ten sam produkt

Niepoprawne rozwiązywanie przestrzeni nazw w złożonych bazach danych w Neo4j Enterprise edition w wersjach prz...

CVE-2026-1337LOW1.1ten sam produkt

Niedostateczne maskowanie znaków unicode w dzienniku zapytań w Neo4j Enterprise i Community w wersjach przed 2...