CVE-2009-3168

Published: Sep 11, 2009

Modified: Jan 21, 2025

PUBLISHED

Description

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

36198

vdb-entry

x_refsource_BID

57595

vdb-entry

x_refsource_OSVDB

36525

third-party-advisory

x_refsource_SECUNIA

9558

exploit

x_refsource_EXPLOIT-DB

ADV-2009-2497

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2009-3168

Description

Affected Products

References