CVE-2009-1802

Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freepbx:freepbx:2.4:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.4.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.4.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.5:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.5.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.5.0rc2:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.5.0rc3:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:freepbx:freepbx:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:freepbx:2.5.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:03

Type Values Removed Values Added
References () http://freepbx.org/trac/ticket/3660 - () http://freepbx.org/trac/ticket/3660 -
References () http://osvdb.org/54262 - () http://osvdb.org/54262 -
References () http://secunia.com/advisories/34772 - Vendor Advisory () http://secunia.com/advisories/34772 - Vendor Advisory
References () http://www.securityfocus.com/bid/34857 - Patch () http://www.securityfocus.com/bid/34857 - Patch

Information

Published : 2009-05-28 14:30

Updated : 2024-11-21 01:03


NVD link : CVE-2009-1802

Mitre link : CVE-2009-1802

CVE.ORG link : CVE-2009-1802


JSON object : View

Products Affected

freepbx

  • freepbx

sangoma

  • freepbx
CWE
CWE-352

Cross-Site Request Forgery (CSRF)