Vulnerability Description
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flyspeck | Flyspeck Cms | 6.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/35011Exploit
- http://www.vupen.com/english/advisories/2009/1367
- https://www.exploit-db.com/exploits/8714
- http://www.securityfocus.com/bid/35011Exploit
- http://www.vupen.com/english/advisories/2009/1367
- https://www.exploit-db.com/exploits/8714
FAQ
What is CVE-2009-1771?
CVE-2009-1771 is a vulnerability with a CVSS score of 7.5 (HIGH). index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fu...
How severe is CVE-2009-1771?
CVE-2009-1771 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1771?
Check the references section above for vendor advisories and patch information. Affected products include: Flyspeck Flyspeck Cms.