CVE-2009-3168

Metadata

CVE-2009-3168
6.5
exploit-db.com, securityfocus.com, vupen.com
2009-09-11
2017-09-19 07:07

Description

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.

Related Vulnerabilities