CVE-2009-2005

Published: Jun 8, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.

Affected (1)

Products: Dokeos: Dokeos

Dokeos

1 product

Dokeos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dokeos Dokeos	Version 1.8.5

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://holisticinfosec.org/content/view/112/45/

Source: cve@mitre.org

http://secunia.com/advisories/34879

Source: cve@mitre.org

Vendor Advisory

http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8

Source: cve@mitre.org

ExploitPatch

http://www.securityfocus.com/bid/34928

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1300

Source: cve@mitre.org

PatchVendor Advisory

http://holisticinfosec.org/content/view/112/45/