CVE-2009-2005

2022-10-0316:24:07

mitre

www.cve.org

cve-2009-2005

cross-site request forgery

dokeos 1.8.5

remote attackers

authentication hijacking

personal agenda items

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

References

holisticinfosec.org/content/view/112/45/

secunia.com/advisories/34879

www.dokeos.com/wiki/index.php/Security#Dokeos_1.8

www.securityfocus.com/bid/34928

www.vupen.com/english/advisories/2009/1300