CVE-2009-1802

Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
freepbxfreepbx
2.4
freepbxfreepbx
2.4.0_beta1:_beta1
freepbxfreepbx
2.4.0_beta2:_beta2
freepbxfreepbx
2.4.1
freepbxfreepbx
2.5
freepbxfreepbx
2.5.0_beta1:_beta1
freepbxfreepbx
2.5.0rc2:rc2
freepbxfreepbx
2.5.0rc3:rc3
freepbxfreepbx
2.5.1
freepbxfreepbx
2.5.2
sangomafreepbx
2.4.0
sangomafreepbx
2.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://freepbx.org/trac/ticket/3660
http://osvdb.org/54262
http://secunia.com/advisories/34772
http://www.securityfocus.com/bid/34857
http://freepbx.org/trac/ticket/3660
http://osvdb.org/54262
http://secunia.com/advisories/34772
http://www.securityfocus.com/bid/34857