CVE-2009-1767

EUVD-2009-1762
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
2daybiztemplate_monster_clone
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35090
http://www.securityfocus.com/bid/34977
https://exchange.xforce.ibmcloud.com/vulnerabilities/50561
https://www.exploit-db.com/exploits/8691
http://secunia.com/advisories/35090
http://www.securityfocus.com/bid/34977
https://exchange.xforce.ibmcloud.com/vulnerabilities/50561
https://www.exploit-db.com/exploits/8691