exploitDog

CVE-2009-1780

Опубликовано: 22 мая 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

Ссылки

http://www.securityfocus.com/bid/34909
Exploit
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/1287
Permissions Required
https://www.exploit-db.com/exploits/8658
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/34909
Exploit
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/1287
Permissions Required
https://www.exploit-db.com/exploits/8658
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:frax:php_recommend:*:*:*:*:*:*:*:*

Версия до 1.3 (включая)

EPSS

Процентиль: 87%

0.03613

Низкий

7.5 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-vc7h-x557-3c32

github

почти 4 года назад

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

EPSS

Процентиль: 87%

0.03613

Низкий

7.5 High

CVSS2

Дефекты

CWE-306