CVE-2009-4851

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
xoopsxoops
𝑥
≤ 2.4.0
xoopsxoops
1.0
xoopsxoops
1.0_rc1:_rc1
xoopsxoops
1.0_rc3:_rc3
xoopsxoops
1.0_rc3.0.5:_rc3.0
xoopsxoops
1.3.5
xoopsxoops
1.3.6
xoopsxoops
1.3.7
xoopsxoops
1.3.8
xoopsxoops
1.3.9
xoopsxoops
1.3.10
xoopsxoops
2.0.0
xoopsxoops
2.0.0_rc1:_rc1
xoopsxoops
2.0.0_rc2:_rc2
xoopsxoops
2.0.0_rc3:_rc3
xoopsxoops
2.0.1
xoopsxoops
2.0.2
xoopsxoops
2.0.3
xoopsxoops
2.0.4
xoopsxoops
2.0.5.1
xoopsxoops
2.0.5.2
xoopsxoops
2.0.5_rc:_rc
xoopsxoops
2.0.6
xoopsxoops
2.0.7
xoopsxoops
2.0.7.1
xoopsxoops
2.0.7.2
xoopsxoops
2.0.7.3
xoopsxoops
2.0.9
xoopsxoops
2.0.9.2
xoopsxoops
2.0.9.3
xoopsxoops
2.0.10
xoopsxoops
2.0.10_rc:_rc
xoopsxoops
2.0.11
xoopsxoops
2.0.12
xoopsxoops
2.0.12a:a
xoopsxoops
2.0.13
xoopsxoops
2.0.13.1
xoopsxoops
2.0.13.2
xoopsxoops
2.0.14
xoopsxoops
2.0.14-rc1
xoopsxoops
2.0.15
xoopsxoops
2.0.16
xoopsxoops
2.0.17
xoopsxoops
2.0.17.1
xoopsxoops
2.0.18
xoopsxoops
2.0.18.1
xoopsxoops
2.3.0
xoopsxoops
2.3.0_alpha_3:_alpha_3
xoopsxoops
2.3.0_alpha1:_alpha1
xoopsxoops
2.3.0_alpha2:_alpha2
xoopsxoops
2.3.0_beta:_beta
xoopsxoops
2.3.0_rc:_rc
xoopsxoops
2.3.0_rc2:_rc2
xoopsxoops
2.3.0_rc3:_rc3
xoopsxoops
2.3.1
xoopsxoops
2.3.1_rc:_rc
xoopsxoops
2.3.2a:a
xoopsxoops
2.3.2b:b
xoopsxoops
2.3.3
xoopsxoops
2.4.0_beta_1:_beta_1
xoopsxoops
2.4.0_beta_2:_beta_2
xoopsxoops
2.4.0_rc:_rc
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/37274
http://www.vupen.com/english/advisories/2009/3256
http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
http://www.xoops.org/modules/news/article.php?storyid=5096
http://secunia.com/advisories/37274
http://www.vupen.com/english/advisories/2009/3256
http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
http://www.xoops.org/modules/news/article.php?storyid=5096