Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1826

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2009-1826
Last Modified 09 Jun 2009 01:34:46
Published 29 May 2009 04:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-1826

Summary

modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.

Vulnerable Systems

Application

  • Collector Mygesuad 0.9.14


References

VUPEN - ADV-2009-1345

MILW0RM - 8708

CONFIRM - http://www.collector.ch/drupal5/?q=node/39

CONFIRM - http://www.collector.ch/download/mygesuad-0.9.zip


Last Updated: 27 May 2016 10:50:41