CVE-2009-1434 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2009-1434

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339.

Published: Apr 30, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1434
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
foswiki / foswiki	1.0.0	1.0.0.x
foswiki / foswiki	1.0.2	1.0.2.x
foswiki / foswiki	1.0.3	1.0.3.x
foswiki / foswiki	1.0.1	1.0.1.x
foswiki / foswiki	-	1.0.4.x