CVE-2009-3520

Published: Oct 1, 2009Modified: Apr 23, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.

Affected (1)

Products: Cmsphp Project: Cmsphp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cmsphp Project Cmsphp	Version 0.21

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txt

Source: cve@mitre.org

Broken LinkExploit

http://secunia.com/advisories/36075

Source: cve@mitre.org

Broken LinkVendor Advisory

http://packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploit

http://secunia.com/advisories/36075

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.