CVE-2009-4365

Name: CVE-2009-4365
Creator: NVD / NIST
Published: 2009-12-21T16:30:00.547+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.92%

Last modified Jun 16, 2026

CVE-2009-4365 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.. EPSS estimates a 0.92% chance of exploitation in the next 30 days.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the approve_comment action, (3) change administrator information including the password via the admin_opt action, and (4) delete a blog via the delete action.

Metrics

EPSS Probability

0.92%

55.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Scriptsez	Ez Blog	1.0

References

Timeline

Published: Dec 21, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-4365?

How severe is CVE-2009-4365?

Severity scoring for CVE-2009-4365 is pending analysis. The EPSS model estimates a 0.92% probability of exploitation in the next 30 days.

How do I fix CVE-2009-4365?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-4365?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST