Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2009-1780
Last Modified 27 May 2009 12:00:00
Published 22 May 2009 04:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1780

Summary

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

Vulnerable Systems

Application

  • Roboform Frax.dk Php Recommend 1.3


References

VUPEN - ADV-2009-1287

BID - 34909

MILW0RM - 8658


Last Updated: 27 May 2016 10:50:40