Author: white Date: 2009-07-05 07:40:53 +0000 (Sun, 05 Jul 2009) New Revision: 12276 Modified: data/CVE/list Log: CSRF needs admin rights to be exploited Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-05 05:32:54 UTC (rev 12275) +++ data/CVE/list 2009-07-05 07:40:53 UTC (rev 12276) @@ -1415,7 +1415,8 @@ CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro allows ...) NOT-FOR-US: VidSharePro CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...) - - ipplan <unfixed> (low; bug #530271) + - ipplan <unfixed> (unimportant; bug #530271) + NOTE: Only exploitable with admin rights CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...) - ipplan <unfixed> (low; bug #530271) CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...)