AI Score
Confidence
Low
EPSS
Percentile
86.7%
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
www.securityfocus.com/bid/34909
www.vupen.com/english/advisories/2009/1287
www.exploit-db.com/exploits/8658