CVE-2009-4407

Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
pyforumpyforum
𝑥
≤ 1.0.3
pyforumpyforum
1.0.0
pyforumpyforum
1.0.1
pyforumpyforum
1.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/37764
http://www.osvdb.org/61050
http://www.securityfocus.com/archive/1/508478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/54853
http://secunia.com/advisories/37764
http://www.osvdb.org/61050
http://www.securityfocus.com/archive/1/508478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/54853