CVE-2009-1036 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal Plus1

Configuration 1 [-]

AND

OR	cpe:2.3:a:drupal:plus1::::::::
	cpe:2.3:a:drupal:plus1:6.x-1.0:::::::*
	cpe:2.3:a:drupal:plus1:6.x-1.1:::::::*
	cpe:2.3:a:drupal:plus1:6.x-1.2:::::::*
	cpe:2.3:a:drupal:plus1:6.x-1.3:::::::*
	cpe:2.3:a:drupal:plus1:6.x-2.0:::::::*
	cpe:2.3:a:drupal:plus1:6.x-2.0:beta2::::::
	cpe:2.3:a:drupal:plus1:6.x-2.0:beta3::::::
	cpe:2.3:a:drupal:plus1:6.x-2.0:beta4::::::
	cpe:2.3:a:drupal:plus1:6.x-2.0:beta5::::::
	cpe:2.3:a:drupal:plus1:6.x-2.1:::::::*
	cpe:2.3:a:drupal:plus1:6.x-2.2:::::::*
	cpe:2.3:a:drupal:plus1:6.x-2.3:::::::*
	cpe:2.3:a:drupal:plus1:6.x-2.4:::::::*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/405672
http://drupal.org/node/406314
http://osvdb.org/52786
http://secunia.com/advisories/34378
http://www.securityfocus.com/bid/34168
https://exchange.xforce.ibmcloud.com/vulnerabilities/49310

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-20T18:00:00

Updated: 2024-08-07T04:57:17.528Z

Reserved: 2009-03-20T00:00:00

Link: CVE-2009-1036

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-03-20T18:30:00.360

Modified: 2017-08-17T01:30:10.130

Link: CVE-2009-1036

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-03-18T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "52786", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/52786"}, {"name": "34168", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34168"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/405672"}, {"name": "plus1-unspecified-csrf(49310)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/406314"}, {"name": "34378", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34378"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1036", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "52786", "refsource": "OSVDB", "url": "http://osvdb.org/52786"}, {"name": "34168", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34168"}, {"name": "http://drupal.org/node/405672", "refsource": "CONFIRM", "url": "http://drupal.org/node/405672"}, {"name": "plus1-unspecified-csrf(49310)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310"}, {"name": "http://drupal.org/node/406314", "refsource": "CONFIRM", "url": "http://drupal.org/node/406314"}, {"name": "34378", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34378"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:57:17.528Z"}, "title": "CVE Program Container", "references": [{"name": "52786", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/52786"}, {"name": "34168", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34168"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/405672"}, {"name": "plus1-unspecified-csrf(49310)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/406314"}, {"name": "34378", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34378"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1036", "datePublished": "2009-03-20T18:00:00", "dateReserved": "2009-03-20T00:00:00", "dateUpdated": "2024-08-07T04:57:17.528Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:plus1:*:*:*:*:*:*:*:*", "matchCriteriaId": "88EE6257-1E72-4BA9-A258-D4D9D9236387", "versionEndIncluding": "6.x-2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "277CB5E7-FA51-45A7-80E2-54EA60FA2F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "163CAC05-57BB-46FE-A207-548EE6DFD28E", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C27A4BF-8B05-48E3-9AC6-B2ED98D3BD72", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "36C8C9E8-A171-45D3-9596-FA2C208C48D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C76A47DA-E66B-467E-B468-9CF20CFA8EEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "FA608B72-450C-4C64-8B4E-0766BEA2B066", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7ADDA1E3-E765-4614-BA92-D68898C4DFDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7753EDBC-FAB4-4335-9CBB-9D96A348156A", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "B993DA31-890B-4166-8251-D35BA2467327", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D24BB6C-56AA-4617-B773-BE59D9630748", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.2:*:*:*:*:*:*:*", "matchCriteriaId": "372BA942-62E7-4215-8F40-73E6FA7ABF6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.3:*:*:*:*:*:*:*", "matchCriteriaId": "78863577-3914-481B-901E-2CAD85FE97B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:plus1:6.x-2.4:*:*:*:*:*:*:*", "matchCriteriaId": "AB37E8A8-85C4-444B-995D-303A13A7D6B8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el m\u00f3dulo Plus 1 anterior a v6.x-2.6, un m\u00f3dulo de Drupal, permite a atacantes remotos emitir votos de contenidos a trav\u00e9s de aspectos de la URI sin especificar."}], "id": "CVE-2009-1036", "lastModified": "2017-08-17T01:30:10.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-03-20T18:30:00.360", "references": [{"source": "cve@mitre.org", "url": "http://drupal.org/node/405672"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/406314"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/52786"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34378"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34168"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}