Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-1767
Last Modified 24 May 2009 12:00:00
Published 22 May 2009 02:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1767

Summary

admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.

Vulnerable Systems

Application

  • 2daybiz Template Monster Clone -


References

XF - tmc-edituser-security-bypass(50561)

BID - 34977

MILW0RM - 8691

SECUNIA - 35090


Last Updated: 27 May 2016 10:50:40