Vulnerability Description
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mrcgiguy | The Ticket System | 2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35350Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51029
- https://www.exploit-db.com/exploits/8917
- http://secunia.com/advisories/35350Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51029
- https://www.exploit-db.com/exploits/8917
FAQ
What is CVE-2009-2080?
CVE-2009-2080 is a vulnerability with a CVSS score of 7.5 (HIGH). admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change t...
How severe is CVE-2009-2080?
CVE-2009-2080 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2080?
Check the references section above for vendor advisories and patch information. Affected products include: Mrcgiguy The Ticket System.