CVE-2009-1664

Name of the Vulnerable Software and Affected Versions: Easy Scripts Answer and Question Script (affected versions not specified)

Description: The issue concerns the myaccount.php file, which fails to verify the original password before allowing password changes. This allows remote attackers to change the password of other users, potentially gaining privileges. The attack can be carried out by modifying the userid, txtpassword, and txtRpassword parameters.

Recommendations: For Easy Scripts Answer and Question Script, as a temporary workaround, consider disabling the password change functionality in the myaccount.php file until a proper fix is implemented. Restrict access to the myaccount.php file to minimize the risk of exploitation. Avoid using the userid, txtpassword, and txtRpassword parameters in the affected myaccount.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.