Cross-Site Request Forgery Vulnerability in SQL-Ledger by SQL-Ledger
CVE-2009-3580
Currently unrated
What is CVE-2009-3580?
A cross-site request forgery (CSRF) vulnerability exists in the am.pl script of SQL-Ledger 2.8.24. With a crafted request, an attacker can act with the authority of an authenticated user and change that user's password through the login, new_password, and confirm_password parameters. Left unaddressed, this flaw can lead to unauthorized access and significant security risk for users.
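A detection sketch for the issue described above, added here as an example and not taken from SQL-Ledger or the advisory: it scans web-server access logs for am.pl requests that carry all three password parameters and were not referred by the application's own host. The combined log format, the /sql-ledger/ path, the host names, and the parameters appearing in the query string are assumptions; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the CVE-2009-3580 description.
PASSWORD_PARAMS = {"login", "new_password", "confirm_password"}

# Assumed combined log format:
# client - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def suspicious_password_changes(lines, trusted_hosts):
    """Return (client, referer) pairs for am.pl password-change requests
    whose Referer is missing or points at a host we do not serve."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        target = urlsplit(m["target"])
        if not target.path.endswith("/am.pl"):
            continue
        params = parse_qs(target.query, keep_blank_values=True)
        if not PASSWORD_PARAMS.issubset(params):
            continue  # not a password change
        referer = m["referer"]
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        if ref_host not in trusted_hosts:
            hits.append((m["client"], referer))
    return hits

# Constructed sample log lines (hosts, paths and values are illustrative).
_Q = "login=user&new_password=REDACTED&confirm_password=REDACTED"
_T = "[01/Oct/2009:10:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET /sql-ledger/am.pl?{_Q} HTTP/1.1" 200 512 '
    '"http://ledger.example/sql-ledger/am.pl" "Mozilla/5.0"',
    f'192.0.2.11 - - {_T} "GET /sql-ledger/am.pl?{_Q} HTTP/1.1" 200 512 '
    '"http://forum.example/thread/42" "Mozilla/5.0"',
    f'192.0.2.12 - - {_T} "GET /sql-ledger/am.pl?{_Q} HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
    f'192.0.2.13 - - {_T} "GET /sql-ledger/menu.pl?login=user HTTP/1.1" 200 512 '
    '"http://forum.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, referer in suspicious_password_changes(SAMPLE_LOG, {"ledger.example"}):
        print(f"review: {client} changed a password, referer={referer!r}")
```

A missing Referer also occurs with privacy tooling, so treat those hits as leads to correlate with user reports rather than as confirmed forgeries.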
