Vulnerability Description
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frax | Php Recommend | <= 1.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/34909 (Exploit, Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2009/1287 (Permissions Required)
- https://www.exploit-db.com/exploits/8658 (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2009-1780?
CVE-2009-1780 is a vulnerability with a CVSS score of 7.5 (HIGH). admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_...
How severe is CVE-2009-1780?
CVE-2009-1780 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1780?
Check the references section above for vendor advisories and patch information. Affected products include: Frax Php Recommend.