PT-2009-5302 · Cuteflow · Cuteflow
Publicado
2009-08-25
·
Atualizado
2018-10-10
·
CVE-2009-2960
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
CuteFlow versions 2.10.3 and 2.11.0 c
Description:
The issue allows remote attackers to modify usernames and passwords by making a direct request to the pages/edituser.php page, due to improper access restrictions.
Recommendations:
For version 2.10.3, restrict access to the pages/edituser.php page to prevent unauthorized modifications.
For version 2.11.0 c, restrict access to the pages/edituser.php page to prevent unauthorized modifications.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cuteflow