CVE-2009-1771

Name of the Vulnerable Software and Affected Versions: Flyspeck CMS version 6.8

Description: The issue allows remote attackers to create or modify admin accounts without requiring administrative authentication for the updateExistingContent action. This is achieved by manipulating specific parameters in the request, including users[fullname], users[email], users[role id], users[username], and users[password].

Recommendations: For Flyspeck CMS version 6.8, ensure that administrative authentication is properly enforced for the updateExistingContent action to prevent unauthorized modifications to admin accounts. As a temporary workaround, consider restricting access to the updateExistingContent action until a proper fix is implemented.