CVE-2009-4851

Опубликовано: 07 мая 2010

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

Ссылки

http://secunia.com/advisories/37274
Vendor Advisory
http://www.vupen.com/english/advisories/2009/3256
Vendor Advisory
http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
http://www.xoops.org/modules/news/article.php?storyid=5096
Patch
http://secunia.com/advisories/37274
Vendor Advisory
http://www.vupen.com/english/advisories/2009/3256
Vendor Advisory
http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
http://www.xoops.org/modules/news/article.php?storyid=5096
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*

Версия до 2.4.0 (включая)

cpe:2.3:a:xoops:xoops:1.0:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.0_rc1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.0_rc2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.0_rc3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.5_rc:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.7.3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.10_rc:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.12a:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.13.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.13.2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.14-rc1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.17.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.0.18.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0_alpha_3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0_alpha1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0_alpha2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0_beta:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0_rc:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0_rc2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.0_rc3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.1_rc:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.2a:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.2b:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.0_beta_1:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.0_beta_2:*:*:*:*:*:*:*

cpe:2.3:a:xoops:xoops:2.4.0_rc:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00264

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-v4v9-w35g-h777

github

почти 4 года назад