Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vtiger | Vtiger Crm | 5.0.4 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=125060676515670&w=2Exploit
- http://secunia.com/advisories/36309Vendor Advisory
- http://www.exploit-db.com/exploits/9450
- http://www.osvdb.org/57238Exploit
- http://www.securityfocus.com/bid/36062Exploit
- http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/Exploit
- http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txtExploit
- http://www.vupen.com/english/advisories/2009/2319Vendor Advisory
- http://marc.info/?l=bugtraq&m=125060676515670&w=2Exploit
- http://secunia.com/advisories/36309Vendor Advisory
- http://www.exploit-db.com/exploits/9450
- http://www.osvdb.org/57238Exploit
- http://www.securityfocus.com/bid/36062Exploit
- http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/Exploit
- http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txtExploit
FAQ
What is CVE-2009-3248?
CVE-2009-3248 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system ...
How severe is CVE-2009-3248?
CVE-2009-3248 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3248?
Check the references section above for vendor advisories and patch information. Affected products include: Vtiger Vtiger Crm.