PT-2009-4533 · Mrcgiguy · Mrcgiguy The Ticket System

The G0Bl!N

Published 2009-06-16 · Updated 2017-09-29 · CVE-2009-2080

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MRCGIGUY The Ticket System version 2.0

Description

The issue allows remote attackers to obtain sensitive configuration information or change the administrator's password. This can be achieved by accessing the admin.php file, which does not properly restrict access. Specifically, attackers can obtain configuration information via the editconfig action or change the administrator's password via the id parameter in an editop action.

Recommendations

For MRCGIGUY The Ticket System version 2.0, restrict access to the admin.php file to prevent unauthorized modifications and information disclosure. As a temporary workaround, consider disabling the editconfig and editop actions until a proper fix is applied. Additionally, restrict the use of the id parameter in the editop action to minimize the risk of password changes by unauthorized users.

Related Identifiers

CVE-2009-2080

Affected Products

Mrcgiguy The Ticket System