← Back

CVE-2009-3022

nvd nist
Published: Aug 31, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.

Affected (2)

Products: Itd Inc: Bingo!cms
Itd Inc
1 product
Bingo!cms
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Itd Inc
Bingo!cms
Up to 1.2
Bingo!cms
Up to 1.2

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (12)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Broken LinkVendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.