{
  "id": "CVE-2009-4907",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2010-06-25T19:30:01.547",
  "lastModified": "2024-11-21T01:10:44.877",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en oBlog  permite a atacantes remotos secuestar la autentificaci\u00f3n de administradores para peticiones que (1) cambian la contrase\u00f1a admin, (2) fuerzan cierre de sesi\u00f3n admin, (3) cambian la visibilidad de los post, (4) borran enlaces, y (5) cambian los campos nombre de un blog."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "baseScore": 6.8,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dootzky:oblog:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D6C0AD-0DEE-4581-B618-43A32F88251B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/60907",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://secunia.com/advisories/37661",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54714",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://osvdb.org/60907",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://packetstormsecurity.org/0912-exploits/oblog-xssxsrf.txt",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://secunia.com/advisories/37661",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54714",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}