CVE-2009-2328

Metadata

CVE-2009-2328
7.5
exploit-db.com
2009-07-05
2017-09-19 07:07

Description

admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.

Related Vulnerabilities