NVD

Id
50453  
Name
CVE-2009-3248  
Description
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-09-18  
Modified Date
2009-09-21  
Seq
2009-3248  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
255249 50453 CVE-2009-3248 20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities  View
255250 50453 CVE-2009-3248 9450  View
255251 50453 CVE-2009-3248 36062  View
255252 50453 CVE-2009-3248 http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/  View
255253 50453 CVE-2009-3248 http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt  View
255254 50453 CVE-2009-3248 ADV-2009-2319  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
45308 JVNDB-2009-006315 vtiger CRM の RSS モジュールにおけるクロスサイトリクエストフォージェリの脆弱性 vtiger CRM の RSS モジュールには、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2009-3248 40679 CVE-2009-3248 50453 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-006315.html 2009-09-18 2012-12-20 View