Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freepbx | Freepbx | 2.4 |
| Sangoma | Freepbx | 2.4.0 |
Related Weaknesses (CWE)
References
- http://freepbx.org/trac/ticket/3660
- http://osvdb.org/54262
- http://secunia.com/advisories/34772Vendor Advisory
- http://www.securityfocus.com/bid/34857Patch
- http://freepbx.org/trac/ticket/3660
- http://osvdb.org/54262
- http://secunia.com/advisories/34772Vendor Advisory
- http://www.securityfocus.com/bid/34857Patch
FAQ
What is CVE-2009-1802?
CVE-2009-1802 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for r...
How severe is CVE-2009-1802?
CVE-2009-1802 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1802?
Check the references section above for vendor advisories and patch information. Affected products include: Freepbx Freepbx, Sangoma Freepbx.