CVE-2009-3022

MEDIUM

Itd-inc Bingo!cms < 1.2 - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.

References (6)

[Third Party Advisory] http://jvn.jp/en/jp/JVN68640473/index.html

[Third Party Advisory, VDB Entry] http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html

[Broken Link] http://osvdb.org/57425

[Broken Link, Vendor Advisory] http://secunia.com/advisories/36458

[Broken Link, Vendor Advisory] http://www.bingo-cms.jp/security/jvn68640473.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52838

Scores

CVSS v3 6.5

EPSS 0.0016

EPSS Percentile 37.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-352

Status draft

Affected Products (2)

itd-inc/bingo\!cms < 1.2

Timeline

Published Aug 31, 2009

Tracked Since Feb 18, 2026