Lucene search

[email protected]NVD:CVE-2009-4906

HistoryJun 25, 2010 - 7:30 p.m.

CVE-2009-4906

2010-06-2519:30:01

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

Affected configurations

NVD

Node

accscriptsacc_php_emailMatch1.1

References

packetstormsecurity.org/0912-exploits/ape-xsrf.txt

secunia.com/advisories/37666

www.exploit-db.com/exploits/10412

www.vupen.com/english/advisories/2009/3508

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for NVD:CVE-2009-4906

cve1 prion1 cvelist1