Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txt | Broken Link Exploit |
| http://secunia.com/advisories/36075 | Broken Link Vendor Advisory |
| http://packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txt | Broken Link Exploit |
| http://secunia.com/advisories/36075 | Broken Link Vendor Advisory |
Configurations
History
21 Nov 2024, 01:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txt - Broken Link, Exploit | |
| References | () http://secunia.com/advisories/36075 - Broken Link, Vendor Advisory |
08 Feb 2024, 20:48
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Cmsphp Project cmsphp
Cmsphp Project |
|
| References | () http://packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txt - Broken Link, Exploit | |
| References | () http://secunia.com/advisories/36075 - Broken Link, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
| CPE | cpe:2.3:a:cmsphp_project:cmsphp:0.21:*:*:*:*:*:*:* |
Information
Published : 2009-10-01 15:30
Updated : 2025-04-09 00:30
NVD link : CVE-2009-3520
Mitre link : CVE-2009-3520
CVE.ORG link : CVE-2009-3520
JSON object : View
Products Affected
cmsphp_project
- cmsphp
CWE
CWE-352
Cross-Site Request Forgery (CSRF)