History: May 15, 2009 - 3:30 p.m.

CVE-2009-1637

2009-05-15 15:30:00
CWE-264
web.nvd.nist.gov
20
cve-2009-1637
simple customer 1.3
profile.php
unauthorized access
admin email
password change

CVSS2: 6.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score: 7.1 High (Confidence: Low)

EPSS: 0.027 Low (Percentile: 90.6%)

profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.

Affected configurations

NVD
Node
simplecustomer simple_customer Match 1.3
