CVE-2009-1767

admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
2daybiztemplate_monster_clone
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35090
http://www.securityfocus.com/bid/34977
https://exchange.xforce.ibmcloud.com/vulnerabilities/50561
https://www.exploit-db.com/exploits/8691
http://secunia.com/advisories/35090
http://www.securityfocus.com/bid/34977
https://exchange.xforce.ibmcloud.com/vulnerabilities/50561
https://www.exploit-db.com/exploits/8691