CVE-2009-1802

NONE EPSS 43.4%
Published May 28, 200917y ago · Modified Jun 16, 20262w ago
Find Similar
Published May 28, 2009 17y ago
Last Modified Jun 16, 2026 2w ago

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.

Threat Intelligence

EPSS Exploit Probability
43.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 12

VendorProductVersionRange
freepbxfreepbx2.4any
freepbxfreepbx2.4.0_beta1any
freepbxfreepbx2.4.0_beta2any
freepbxfreepbx2.4.1any
freepbxfreepbx2.5any
freepbxfreepbx2.5.0_beta1any
freepbxfreepbx2.5.0rc2any
freepbxfreepbx2.5.0rc3any
freepbxfreepbx2.5.1any
freepbxfreepbx2.5.2any
sangomafreepbx2.4.0any
sangomafreepbx2.5.0any

References 4

Remediation