History: May 22, 2009 - 8:30 p.m.

CVE-2009-1780

2009-05-22 20:30:00
CWE-306
web.nvd.nist.gov
cve-2009-1780
frax.dk
php recommend
authentication bypass
remote attackers
admin privileges

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.6 High (Confidence: Low)

EPSS: 0.014 Low (Percentile: 86.7%)

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

Affected configurations

Source: NVD
Node: frax php_recommend, Range: 1.3

