Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-4365
HistoryDec 21, 2009 - 4:30 p.m.

CVE-2009-4365

2009-12-2116:30:00
CWE-352
mitre
web.nvd.nist.gov
30
csrf
vulnerabilities
admin authentication
scriptsez ez blog 1.0
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.

Affected configurations

Nvd
Node
scriptsezez_blogMatch1.0
VendorProductVersionCPE
scriptsezez_blog1.0cpe:2.3:a:scriptsez:ez_blog:1.0:*:*:*:*:*:*:*

Related

prion 1
nvd 1
cvelist 1
exploitdb 2
prion
prion
Cross site request forgery (csrf)
2009-12-21 16:30:00
nvd
nvd
CVE-2009-4365
2009-12-21 16:30:00
cvelist
cvelist
CVE-2009-4365
2009-12-21 16:00:00
exploitdb
exploitdb
Ez Blog 1.0 - Cross-Site Scripting / Cross-Site Request Forgery
2009-12-15 00:00:00
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
2009-12-15 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

57.4%

JSON
Related for CVE-2009-4365
prion1nvd1cvelist1exploitdb2