CVE DATABASE / CVE-2009-3520

CVE-2009-3520

CVSS 8.8 · HIGH

Summary

Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.

CVSS 3.1 breakdown

Base score	8.8 (HIGH)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-352

Affected products

Cmsphp_project cmsphp

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

http://packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txt
http://secunia.com/advisories/36075

Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.