{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-05-07T18:23:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37274", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37274"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.xoops.org/modules/news/article.php?storyid=5096"}, {"tags": ["x_refsource_MISC"], "url": "http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132"}, {"name": "ADV-2009-3256", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3256"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4851", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37274"}, {"name": "http://www.xoops.org/modules/news/article.php?storyid=5096", "refsource": "CONFIRM", "url": "http://www.xoops.org/modules/news/article.php?storyid=5096"}, {"name": "http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132", "refsource": "MISC", "url": "http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132"}, {"name": "ADV-2009-3256", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3256"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:17:25.869Z"}, "title": "CVE Program Container", "references": [{"name": "37274", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37274"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.xoops.org/modules/news/article.php?storyid=5096"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132"}, {"name": "ADV-2009-3256", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3256"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4851", "datePublished": "2010-05-07T18:23:00.000Z", "dateReserved": "2010-05-07T00:00:00.000Z", "dateUpdated": "2024-09-16T17:23:15.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*", "matchCriteriaId": "371CEAFC-425E-4ED2-9B9D-759106C41F75", "versionEndIncluding": "2.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC6A98F0-965F-4E73-AA6F-8803E1EF7660", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "3355CD8B-9EF3-46CE-8DA3-FCF64B24F529", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "EFE4119C-E4A0-405F-AF9A-DAE023F79862", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "348CD73F-6D2F-439B-9E15-6177895F27C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAE8B49C-84BE-4339-909F-389D3C1FD1EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "6515D89E-A80A-4C9B-AABA-886DA748FC1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B0F5267A-F85F-4394-9427-592F9C09D53A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "0BD944A1-902C-4031-80A5-61621CCA28A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "0764C095-72DA-4FAA-9A59-D192144872F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "21260A9E-32F8-4A95-A77B-34183F59C52F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "84C69533-CE11-4164-B558-D36B7B3582A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "BE817D2B-A121-44B3-8455-82632A83DD5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "F9D1966E-80CE-4BE1-8361-26EC1FA4D5A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "A0FC239C-5401-4330-9F82-9C1791508C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "33E91D0D-42F6-4FAC-BD04-AA4D77C6DAD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "881DDA3C-4D95-471F-95BA-6C4629B3CB68", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E235D928-E2D9-46D3-B95F-C4AF556D3C01", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5F0B5583-8489-4AF9-AD04-4A56AC244A59", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9AD25BC1-E435-4691-B42A-0D98D80F0F83", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F58A3E7-4C21-48FD-AA26-7CCE85BAE887", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.5_rc:*:*:*:*:*:*:*", "matchCriteriaId": "D31DA582-6404-4071-AD4B-41CBB9B03EE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "26950415-06AF-4910-A881-121EA0B43058", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "89CFFAD2-F511-431C-BF24-08CA810B4645", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9341BAF2-7C1E-4203-81B9-AA23F26A9A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "D927720F-920C-4674-A69E-91CBE196AE03", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8812215-7946-48B3-9CC2-1651B779A429", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "675A7068-CE9E-412A-8159-2A3820D6272E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FC857372-A76D-4F3D-9FEE-6086A0AB002C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA2D117B-2800-462A-BA58-E71AED33EEFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "08729570-512B-4B7E-A055-B8E312F41E86", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.10_rc:*:*:*:*:*:*:*", "matchCriteriaId": "BF3A5F00-D84E-4D7F-A898-A1FC8F1A1D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "476872A3-838B-40B7-B180-2FE018EA9BE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3E7B564C-A6D6-478E-924F-8D2F589A40BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.12a:*:*:*:*:*:*:*", "matchCriteriaId": "B0589935-681C-49BD-8987-2B9D4CFAEA47", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "136E70ED-B4B1-4CB6-AB38-7AFF08B966D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BD8530-64CA-4528-BD17-DCF685DC6E21", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "7292A887-F03B-4B9A-8C5D-3FC302F329D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "6818F85B-6CFD-4B0D-9CA4-4721AEC799B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.14-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "3D73E804-9CB5-406B-9DF6-4F74CC3984E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "9F45FFF2-DAF0-4B81-BE64-B37BB49B224D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "0C60358F-0A06-4148-B988-667ABB8C9D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "482DD7B1-DF96-45A1-B8BC-613592D918E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4B461E6-2374-4E34-9AF1-B863B7579654", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "541822E2-B233-4128-902A-3A3ACFCC1EBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.0.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8CACFC0-2538-4D62-9061-2FBCF4C7AD6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "52F540F2-E26A-4214-9796-358EF128C307", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0_alpha_3:*:*:*:*:*:*:*", "matchCriteriaId": "91B66578-C1BF-412B-B17D-55D1E3E67943", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0_alpha1:*:*:*:*:*:*:*", "matchCriteriaId": "1F395B23-7786-4C41-8021-7686D24C0365", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0_alpha2:*:*:*:*:*:*:*", "matchCriteriaId": "056402CF-C322-493A-895F-346AC4363089", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0_beta:*:*:*:*:*:*:*", "matchCriteriaId": "8032BF0C-B892-41A4-B9A7-2B0B94BEC813", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0_rc:*:*:*:*:*:*:*", "matchCriteriaId": "9CB57CF5-9828-45A5-8A4C-CFB362FCAB5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "72A67E8B-B035-4091-955C-7910A423A744", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "BA2FB08D-49AB-4225-872A-576724669AFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D1E3E73-430E-45D9-A4B9-60EE24C62EF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.1_rc:*:*:*:*:*:*:*", "matchCriteriaId": "7B48642D-3BC0-4B37-B0AF-B0D7558BC593", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.2a:*:*:*:*:*:*:*", "matchCriteriaId": "2507D4B9-B505-4DF0-B63B-47085F95376F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.2b:*:*:*:*:*:*:*", "matchCriteriaId": "0EC59872-ED60-46CF-AB86-E7AC7A7C4C61", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "149720D8-4C25-42ED-957D-179AD69C522A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.4.0_beta_1:*:*:*:*:*:*:*", "matchCriteriaId": "2EDF1868-2892-4CE2-B073-ED87628F6A4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.4.0_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "B0FA1918-45C2-4E2C-B9AE-1BFB350EABF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xoops:xoops:2.4.0_rc:*:*:*:*:*:*:*", "matchCriteriaId": "D6DBD069-0290-4D65-9A75-F5A469B38932", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php."}, {"lang": "es", "value": "La funci\u00f3n de activaci\u00f3n de reenv\u00edo en el m\u00f3dulo Profiles en XOOPS anteriores a v2.4.1 env\u00eda c\u00f3digos de activaci\u00f3n en respuesta a peticiones de activaci\u00f3n de su elecci\u00f3n , lo que provoca que atacantes remotos eviten la aprobaci\u00f3n administrativa a trav\u00e9s de una petici\u00f3n que implique activate.php."}], "id": "CVE-2009-4851", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-07T18:30:01.390", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37274"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3256"}, {"source": "cve@mitre.org", "url": "http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.xoops.org/modules/news/article.php?storyid=5096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.xoops.org/modules/news/article.php?storyid=5096"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}