PT-2009-4154 · Tcpdb · Tcpdb

Mr.Tro0Oqy

Published

2009-05-18

Updated

2017-09-29

CVE-2009-1670

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: TCPDB version 3.8

Description: The issue allows remote attackers to add admin accounts without requiring administrative authentication. This is due to a lack of proper authentication in the user/index.php file.

Recommendations: For TCPDB version 3.8, consider restricting access to the user/index.php file until a patch is available, and ensure that all administrative actions are properly authenticated to prevent unauthorized access.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-1670

Affected Products

Tcpdb

PT-2009-4154 · Tcpdb · Tcpdb

CVE-2009-1670

Weakness Enumeration

Related Identifiers

Affected Products

References · 6