[Secure-testing-commits] r12276 - data/CVE

[Steffen Joeris]

Author: white
Date: 2009-07-05 07:40:53 +0000 (Sun, 05 Jul 2009)
New Revision: 12276

Modified:
   data/CVE/list
Log:
CSRF needs admin rights to be exploited

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-05 05:32:54 UTC (rev 12275)
+++ data/CVE/list	2009-07-05 07:40:53 UTC (rev 12276)
@@ -1415,7 +1415,8 @@
 CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro allows ...)
 	NOT-FOR-US: VidSharePro
 CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...)
-	- ipplan <unfixed> (low; bug #530271)
+	- ipplan <unfixed> (unimportant; bug #530271)
+	NOTE: Only exploitable with admin rights
 CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...)
 	- ipplan <unfixed> (low; bug #530271)
 CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...)