CVE-2009-1637

Name of the Vulnerable Software and Affected Versions: Simple Customer version 1.3

Description: The issue allows remote attackers to change the admin e-mail address and password without requiring administrative authentication. This can be achieved by modifying the email and password parameters in the profile.php file.

Recommendations: For Simple Customer version 1.3, consider temporarily restricting access to the profile.php file until a patch is available. As a mitigation measure, avoid using the email and password parameters in the profile.php file to minimize the risk of exploitation.