CVE-2009-1802
published 2009-05-28CVE-2009-1802: Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to…
PriorityP423medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
0.58%
43.4th percentile
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| freepbx | freepbx | — | — |
| sangoma | freepbx | — | — |
| sangoma | freepbx | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2009-05-28
Published