Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2080

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-2080
Last Modified 17 Jun 2009 12:00:00
Published 16 Jun 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2080

Summary

admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.

Vulnerable Systems

Application

  • Mrcgiguy The Ticket System 2.0


References

XF - ticketsystem-admin-security-bypass(51029)

MILW0RM - 8917

SECUNIA - 35350


Last Updated: 27 May 2016 10:50:46