Lucene search

K
cve[email protected]CVE-2009-4120
HistoryDec 01, 2009 - 2:30 a.m.

CVE-2009-4120

2009-12-0102:30:00
CWE-352
web.nvd.nist.gov
26
cve-2009-4120
quick.cart
csrf
cross-site request forgery
administrator authentication
order deletion
product deletion
page deletion

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.6%

Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibly (2) delete products or (3) delete pages via unspecified vectors.

Affected configurations

NVD
Node
opensolutionquick.cartMatch3.4

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.6%

Related for CVE-2009-4120