CVE-2009-3022

MEDIUM

bingo!CMS <= 1.2 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52838
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/57425
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html
Broken Link, Vendor Advisory x_refsource_confirm
http://www.bingo-cms.jp/security/jvn68640473.html
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36458
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN68640473/index.html

Scores

CVSS v3 6.5
EPSS 0.0099
EPSS Percentile 58.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
itd-inc/bingo\!cms < 1.2 (2 CPE variants)
Published Aug 31, 2009
Tracked Since Feb 18, 2026