CVE-2009-1434 Information

Description

Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages change permissions or change group memberships as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element a related issue to CVE-2009-1339.

Reference

http://foswiki.org/Support/SecurityAlert-CVE-2009-1434 http://osvdb.org/54148 http://secunia.com/advisories/34863 http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.204080640lavrsen.dk&forum_name=foswiki-announce https://exchange.xforce.ibmcloud.com/vulnerabilities/50256 https://launchpad.net/bugs/cve/2009-1434