PT-2009-4291 · Mygesuad · Mygesuad
Yenh4Cker
·
Published
2009-05-29
·
Updated
2017-09-29
·
CVE-2009-1826
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
myGesuad version 0.9.14 (aka 0.9)
Description:
The issue allows remote authenticated users to list user accounts without requiring administrative authentication. This is possible through a Find action in the modules/admuser.php file.
Recommendations:
For myGesuad version 0.9.14 (aka 0.9), consider restricting access to the modules/admuser.php file until a patch is available, or implement additional authentication checks to ensure that only authorized administrators can perform the Find action.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mygesuad