CVE-2009-2572
Published Jul 22, 2009
Last updated 7 years ago
Overview
- Description
- Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B52E33DA-82E3-493A-A892-873D713A8AC1"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BEE50BE-08CF-4B94-A8A1-853517234536"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "464002BD-E9F1-48BF-BCEB-9D10BB16FAB5"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.11:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72A814FC-8C1E-4CCC-AC45-71F0D7F162ED"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.11:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45CFE657-DBF6-43F5-9BDE-E073852F2BFD"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.11:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B92C61C0-BEA2-4945-AF25-0AF1F12D6067"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.11:beta4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C113D74B-C0E2-4463-8A60-EA31043F1489"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81A1B620-18FC-4808-B275-2E48104656E4"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:5.x-1.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB27868A-1FC0-4E5B-9124-893D339292B2"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.11:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBCBC049-37DF-42BF-8788-CFC08AED07C2"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.11:beta4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "758367A3-CDAE-47FB-926E-E3C1422184D3"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.11:beta5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A804D3B5-73CA-4617-9981-332FB4DB942D"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCF8342D-D586-4E82-8C55-E226321F6040"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.12:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B856CB8-40EF-4A4D-AA30-3A3996C1E273"
},
{
"criteria": "cpe:2.3:a:lullabot:fivestar_module_for_drupal:6.x-1.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1C3B585-0AC1-4777-843F-DF208BDB5084"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]