CVE-2009-3949
EUVD-2009-392016.11.2009, 20:30
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| vivaprograms | infinity_script | 𝑥 ≤ 2.0.5 |
| vivaprograms | infinity_script | 2.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration