Description
Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52838
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/57425
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html
Broken Link, Vendor Advisory x_refsource_confirm
http://www.bingo-cms.jp/security/jvn68640473.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36458
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN68640473/index.html
Scores
CVSS v3
6.5
EPSS
0.0099
EPSS Percentile
58.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (1)
itd-inc/bingo\!cms
< 1.2 (2 CPE variants)
Published
Aug 31, 2009
Tracked Since
Feb 18, 2026