CVE-2009-1780

Name of the Vulnerable Software and Affected Versions: Frax.dk Php Recommend versions 1.3 and earlier

Description: The issue allows remote attackers to gain administrative privileges without authentication when the user password is changed. This is achieved by modifying the form admin user and form admin pass parameters in the admin.php file.

Recommendations: For Frax.dk Php Recommend versions 1.3 and earlier, update to a version that requires authentication for user password changes to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the admin.php file to minimize the risk of exploitation.