Lucene search

[email protected]CVE-2009-1664

HistoryMay 18, 2009 - 12:00 p.m.

CVE-2009-1664

2009-05-1812:00:01

CWE-287

[email protected]

web.nvd.nist.gov

cve-2009-1664

easy scripts

password change

privilege escalation

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

Affected configurations

NVD

Node

easy-scriptsanswer_and_question_script

CPENameOperatorVersion
easy-scripts:answer_and_question_scripteasy-scripts answer and question scripteq*

CPE	Name	Operator	Version
easy-scripts:answer_and_question_script	easy-scripts answer and question script	eq	*

References

www.exploit-db.com/exploits/8690

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2009-1664

cvelist1 prion1 nvd1