|
[Japanese]
|
JVNDB-2009-000058
|
bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery
|
|
bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability.
bingo!CMS core and bingo!CMS are content management systems (CMS). bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability.
Masako Oono reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
Base Metrics:
2.6 (Low)
[IPA Score]
- Access Vector: Local
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
|
iTD Inc.
- bingo!CMS (commercial) version 1.2 and earlier
- bingo!CMS core version 1.2 and earlier
|
|
|
If a user views a malicious web page while logged into the CMS, an attacker could modify configurations or modify contents managed by CMS.
|
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
|
|
iTD Inc.
|
|
- Cross-Site Request Forgery(CWE-352) [IPA Evaluation]
|
|
- CVE-2009-3022
|
|
- JVN : JVN#68640473
- National Vulnerability Database (NVD) : CVE-2009-3022
- Secunia Advisory : SA36458
- ISS X-Force Database : 52838
- OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 57425
|
|
[2009/08/27]
Web page published
|
