exploitDog

CVE-2009-4929

Опубликовано: 12 июл. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.

Ссылки

http://secunia.com/advisories/34824
Vendor Advisory
http://www.exploit-db.com/exploits/8496
http://www.securityfocus.com/bid/34619
Exploit
http://secunia.com/advisories/34824
Vendor Advisory
http://www.exploit-db.com/exploits/8496
http://www.securityfocus.com/bid/34619
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sweetphp:totalcalender:2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01543

Низкий

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-f2r2-9848-78f4

github

почти 4 года назад

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.

EPSS

Процентиль: 81%

0.01543

Низкий

7.5 High

CVSS2

Дефекты

CWE-287