| |
Vulnerability CVE-2009-4407
Published: 2009-12-23 Modified: 2012-02-13
Description: |
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Nam Nguyen | 26.12.2009 |
Type:
CWE-352 (Cross-Site Request Forgery (CSRF))
CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.8/10 |
6.4/10 |
8.6/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.securityfocus.com/archive/1/508478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/54853
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|