CVE-2009-4674

Name of the Vulnerable Software and Affected Versions Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script (affected versions not specified)

Description The issue allows remote attackers to change an arbitrary password by modifying the user id field in the admin/admin.php script.

Recommendations For Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script, restrict access to the admin/admin.php script to minimize the risk of exploitation. Avoid using the user id field in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.