Lucene search
HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-4517
cve-2009-4517
cross-site request forgery
csrf
drupal
faq ask module
unpublished content
authentication hijacking
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
Affected configurations
Node
nanwichfaq_askMatch5.x-1.0
ORnanwichfaq_askMatch5.x-1.0beta1
ORnanwichfaq_askMatch5.x-1.0beta2
ORnanwichfaq_askMatch5.x-1.0beta3
ORnanwichfaq_askMatch5.x-1.0beta4
ORnanwichfaq_askMatch5.x-1.1
ORnanwichfaq_askMatch5.x-1.2
ORnanwichfaq_askMatch5.x-1.3
ORnanwichfaq_askMatch5.x-1.xdev
ORnanwichfaq_askMatch6.x-1.0
ORnanwichfaq_askMatch6.x-1.0beta1
ORnanwichfaq_askMatch6.x-1.1
ORnanwichfaq_askMatch6.x-1.2
ORnanwichfaq_askMatch6.x-1.xdev
ORnanwichfaq_askMatch6.x-2.0alpha1
ORnanwichfaq_askMatch6.x-2.xdev
drupaldrupal
Related
cvelist
cvelist
CVE-2009-4517
2022-10-03 16:24:03
nvd
nvd
CVE-2009-4517
2009-12-31 19:30:00
prion
prion
Cross site request forgery (csrf)
2009-12-31 19:30:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.3%
Related for CVE-2009-4517