Lucene search

K
cve[email protected]CVE-2009-1664
HistoryMay 18, 2009 - 12:00 p.m.

CVE-2009-1664

2009-05-1812:00:01
CWE-287
web.nvd.nist.gov
25
cve-2009-1664
easy scripts
password change
privilege escalation
security vulnerability
nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

Affected configurations

NVD
Node
easy-scriptsanswer_and_question_script

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

Related for CVE-2009-1664