Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2040

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-2040
Last Modified 15 Jun 2009 12:00:00
Published 12 Jun 2009 02:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2040

Summary

admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.

Vulnerable Systems

Application

  • Grestul 1.2


References

XF - grestul-options-security-bypass(50999)

MILW0RM - 8902

SECUNIA - 35367


Last Updated: 27 May 2016 10:50:45