CVE-2009-0112

EUVD-2009-0121
Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
expinionpoll_pro
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=123117044713213&w=2
http://secunia.com/advisories/33319
http://securityreason.com/securityalert/4895
https://exchange.xforce.ibmcloud.com/vulnerabilities/47754
http://marc.info/?l=bugtraq&m=123117044713213&w=2
http://secunia.com/advisories/33319
http://securityreason.com/securityalert/4895
https://exchange.xforce.ibmcloud.com/vulnerabilities/47754