CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3248

Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.5%

CVSS Severity

CVSS v2 Score 6.8

References

http://marc.info/?l=bugtraq&m=125060676515670&w=2
http://secunia.com/advisories/36309
http://www.exploit-db.com/exploits/9450
http://www.osvdb.org/57238
http://www.securityfocus.com/bid/36062
http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
http://www.vupen.com/english/advisories/2009/2319
http://marc.info/?l=bugtraq&m=125060676515670&w=2
http://secunia.com/advisories/36309
http://www.exploit-db.com/exploits/9450
http://www.osvdb.org/57238
http://www.securityfocus.com/bid/36062
http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
http://www.vupen.com/english/advisories/2009/2319

Products affected by CVE-2009-3248

Vtiger » Vtiger Crm » Version: 5.0.4

cpe:2.3:a:vtiger:vtiger_crm:5.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3248

Products

Pricing

Contact Us