Lucene search

[email protected]CVE-2009-1664

HistoryMay 18, 2009 - 12:00 p.m.

CVE-2009-1664

2009-05-1812:00:01

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-1664

easy scripts

password change

privilege escalation

security vulnerability

nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

JSON

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

Affected configurations

NVD

Node

easy-scriptsanswer_and_question_script

CPENameOperatorVersion
easy-scripts:answer_and_question_scripteasy-scripts answer and question scripteq*

CPE	Name	Operator	Version
easy-scripts:answer_and_question_script	easy-scripts answer and question script	eq	*

References

www.exploit-db.com/exploits/8690

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2009-1664

cvelist1 prion1 nvd1