{"id":"CVE-2009-3580","details":"Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.","modified":"2026-01-27T04:09:59.004434Z","published":"2009-12-23T18:30:00Z","withdrawn":"2026-01-27T04:09:59.004434Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/37877"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/508559/100/0/threaded"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54964"}],"schema_version":"1.7.3"}