Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
References
Link | Resource |
---|---|
http://freepbx.org/trac/ticket/3660 | |
http://osvdb.org/54262 | |
http://secunia.com/advisories/34772 | Vendor Advisory |
http://www.securityfocus.com/bid/34857 | Patch |
http://freepbx.org/trac/ticket/3660 | |
http://osvdb.org/54262 | |
http://secunia.com/advisories/34772 | Vendor Advisory |
http://www.securityfocus.com/bid/34857 | Patch |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:03
Type | Values Removed | Values Added |
---|---|---|
References | () http://freepbx.org/trac/ticket/3660 - | |
References | () http://osvdb.org/54262 - | |
References | () http://secunia.com/advisories/34772 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/34857 - Patch |
Information
Published : 2009-05-28 14:30
Updated : 2024-11-21 01:03
NVD link : CVE-2009-1802
Mitre link : CVE-2009-1802
CVE.ORG link : CVE-2009-1802
JSON object : View
Products Affected
freepbx
- freepbx
sangoma
- freepbx
CWE
CWE-352
Cross-Site Request Forgery (CSRF)