CVE: CVE-2009-3520

Export to Word

Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00168
Percentile: 0.38565

CVSS Scoring

CVSS v3.1 Score: 8.8

Severity: HIGH

Mapped CWE(s)

CWE-352 : Cross-Site Request Forgery (CSRF)

All CAPEC(s)

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)
CAPEC-462: Cross-Domain Search Timing
CAPEC-467: Cross Site Identification
CAPEC-62: Cross Site Request Forgery

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:cmsphp_project:cmsphp:0.21:*:*:*:*:*:*:*

← Back to Home