admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-05-22T20:00:00
Updated: 2024-08-07T05:27:54.669Z
Reserved: 2009-05-22T00:00:00
Link: CVE-2009-1780
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2009-05-22T20:30:00.827
Modified: 2020-05-20T16:49:18.423
Link: CVE-2009-1780
Redhat
No data.