CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-08-25T17:00:00
Updated: 2024-08-07T06:07:37.618Z
Reserved: 2009-08-25T00:00:00
Link: CVE-2009-2960
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-08-25T17:30:00.920
Modified: 2018-10-10T19:42:47.737
Link: CVE-2009-2960
Redhat
No data.