1. Home
  2. CVE Database
  3. CVE-2009-1664
HIGH · 7.5

CVE-2009-1664

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain p...

Vulnerability Description

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
Easy-ScriptsAnswer And Question ScriptAll versions

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2009-1664?

CVE-2009-1664 is a vulnerability with a CVSS score of 7.5 (HIGH). myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain p...

How severe is CVE-2009-1664?

CVE-2009-1664 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1664?

Check the references section above for vendor advisories and patch information. Affected products include: Easy-Scripts Answer And Question Script.