Lucene search

[email protected]CVE-2009-4906

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4906

2022-10-0316:24:05

CWE-352

[email protected]

web.nvd.nist.gov

cve-2009-4906

csrf

acc php email

index.php

authentication hijacking

password change

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

Affected configurations

NVD

Node

accscriptsacc_php_emailMatch1.1

CPENameOperatorVersion
accscripts:acc_php_emailaccscripts acc php emaileq1.1

CPE	Name	Operator	Version
accscripts:acc_php_email	accscripts acc php email	eq	1.1

References

packetstormsecurity.org/0912-exploits/ape-xsrf.txt

secunia.com/advisories/37666

www.exploit-db.com/exploits/10412

www.vupen.com/english/advisories/2009/3508

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2009-4906

nvd1 prion1 cvelist1