Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
References
Link | Resource |
---|---|
http://www.vupen.com/english/advisories/2009/1300 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/34928 | |
http://secunia.com/advisories/34879 | Vendor Advisory |
http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8 | Exploit Patch |
http://holisticinfosec.org/content/view/112/45/ |
Configurations
Information
Published : 2009-06-08 12:30
Updated : 2009-06-08 21:00
NVD link : CVE-2009-2005
Mitre link : CVE-2009-2005
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
dokeos
- dokeos