History: Apr 27, 2010 - 3:30 p.m.

CVE-2009-4828

2010-04-27 15:30:01
CWE-352
mitre
web.nvd.nist.gov
25
cve-2009-4828
cross-site request forgery
csrf
ad manager pro
admanagerpro
administration
security vulnerability

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 7.3
Confidence: Low

EPSS: 0.006
Percentile: 79.1%

Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an admin_created action. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd
Node: phpwebscripts ad_manager_pro, Match 3.0

Vendor | Product | Version | CPE
phpwebscripts | ad_manager_pro | 3.0 | cpe:2.3:a:phpwebscripts:ad_manager_pro:3.0:*:*:*:*:*:*:*
