exploitDog

CVE-2009-4173

Опубликовано: 02 дек. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cutephp:cutenews:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:korn19:utf-8_cutenews:8:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00159

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-4c74-f2vw-7934

github

почти 4 года назад

Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator, via an adduser action in the editusers module in index.php.

EPSS

Процентиль: 37%

0.00159

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352