Lucene search

[email protected]CVE-2009-4349

HistoryDec 17, 2009 - 5:30 p.m.

CVE-2009-4349

2009-12-1717:30:00

CWE-352

[email protected]

web.nvd.nist.gov

csrf

vulnerability

administration

link up gold 5.0

hijack

authentication

administrators

administrative accounts

remote attackers

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

Affected configurations

NVD

Node

phpwebscriptslink_up_goldMatch5.0

CPENameOperatorVersion
phpwebscripts:link_up_goldphpwebscripts link up goldeq5.0

CPE	Name	Operator	Version
phpwebscripts:link_up_gold	phpwebscripts link up gold	eq	5.0

References

osvdb.org/61017

packetstormsecurity.org/0912-exploits/linkupgold-xsrf.txt

secunia.com/advisories/37712

www.exploit-db.com/exploits/10436

www.vupen.com/english/advisories/2009/3532

exchange.xforce.ibmcloud.com/vulnerabilities/54759

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2009-4349

prion1 cvelist1 nvd1