CVE-2009-3248

Опубликовано: 18 сент. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.

Ссылки

http://marc.info/?l=bugtraq&m=125060676515670&w=2
Exploit
http://secunia.com/advisories/36309
Vendor Advisory
http://www.exploit-db.com/exploits/9450
http://www.osvdb.org/57238
Exploit
http://www.securityfocus.com/bid/36062
Exploit
http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/
Exploit
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Exploit
http://www.vupen.com/english/advisories/2009/2319
Vendor Advisory
http://marc.info/?l=bugtraq&m=125060676515670&w=2
Exploit
http://secunia.com/advisories/36309
Vendor Advisory
http://www.exploit-db.com/exploits/9450
http://www.osvdb.org/57238
Exploit
http://www.securityfocus.com/bid/36062
Exploit
http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/
Exploit
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Exploit
http://www.vupen.com/english/advisories/2009/2319
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00317

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-5pjj-cvfp-x5m8

github

почти 4 года назад