Lucene search
HistoryMar 20, 2009 - 6:30 p.m.
CVE-2009-1036
csrf
vulnerability
plus 1 module
drupal
remote attackers
votes
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.9%
Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.
Affected configurations
Node
drupalplus1Range≤6.x-2.5
ORdrupalplus1Match6.x-1.0
ORdrupalplus1Match6.x-1.1
ORdrupalplus1Match6.x-1.2
ORdrupalplus1Match6.x-1.3
ORdrupalplus1Match6.x-2.0
ORdrupalplus1Match6.x-2.0beta2
ORdrupalplus1Match6.x-2.0beta3
ORdrupalplus1Match6.x-2.0beta4
ORdrupalplus1Match6.x-2.0beta5
ORdrupalplus1Match6.x-2.1
ORdrupalplus1Match6.x-2.2
ORdrupalplus1Match6.x-2.3
ORdrupalplus1Match6.x-2.4
drupaldrupal
Related
nvd
nvd
CVE-2009-1036
2009-03-20 18:30:00
prion
prion
Cross site request forgery (csrf)
2009-03-20 18:30:00
cvelist
cvelist
CVE-2009-1036
2009-03-20 18:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.9%
Related for CVE-2009-1036