CVE-2009-4407

EUVD-2009-4374
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests, via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
pyforumpyforum
𝑥
≤ 1.0.3
pyforumpyforum
1.0.0
pyforumpyforum
1.0.1
pyforumpyforum
1.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/37764
http://www.osvdb.org/61050
http://www.securityfocus.com/archive/1/508478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/54853
http://secunia.com/advisories/37764
http://www.osvdb.org/61050
http://www.securityfocus.com/archive/1/508478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/54853