PT-2009-4267 · Sangoma · Freepbx

Published

2009-05-28

Updated

2019-12-10

CVE-2009-1802

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: FreePBX versions 2.4.x through 2.5.1 FreePBX versions prior to 2.6.x

Description: The issue allows remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact due to multiple cross-site request forgery (CSRF) vulnerabilities.

Recommendations: For FreePBX versions 2.4.x through 2.5.1, update to a version that is not affected by this issue. For FreePBX versions prior to 2.6.x, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to admin account creation functionality until a patch is available.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2009-1802

Affected Products

Freepbx

PT-2009-4267 · Sangoma · Freepbx

CVE-2009-1802

Weakness Enumeration

Related Identifiers

Affected Products

References · 5