Lucene search

[email protected]CVE-2009-4066

HistoryNov 24, 2009 - 2:30 a.m.

CVE-2009-4066

2009-11-2402:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2009-4066

csrf

phplist integration

drupal

nvd

cross-site request forgery

authentication hijacking

8.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the “My Account” feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.

CPENameOperatorVersion
drupal:drupaldrupaleq*
paul_beaney:phplistpaul beaney phplisteq5.x-1.0
paul_beaney:phplistpaul beaney phplisteq5.x-1.1
paul_beaney:phplistpaul beaney phplisteq5.x-1.x
paul_beaney:phplistpaul beaney phplisteq6.x-1.0
paul_beaney:phplistpaul beaney phplisteq6.x-1.x

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	*
paul_beaney:phplist	paul beaney phplist	eq	5.x-1.0
paul_beaney:phplist	paul beaney phplist	eq	5.x-1.1
paul_beaney:phplist	paul beaney phplist	eq	5.x-1.x
paul_beaney:phplist	paul beaney phplist	eq	6.x-1.0
paul_beaney:phplist	paul beaney phplist	eq	6.x-1.x

References

drupal.org/node/636398

drupal.org/node/636400

drupal.org/node/636412

osvdb.org/60283

secunia.com/advisories/37434

www.securityfocus.com/bid/37054

exchange.xforce.ibmcloud.com/vulnerabilities/54336

8.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CVE-2009-4066

cvelist1 prion1