Lucene search

[email protected]CVE-2009-2080

HistoryJun 16, 2009 - 7:30 p.m.

CVE-2009-2080

2009-06-1619:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-2080

mrcgiguy

the ticket system 2.0

security vulnerability

remote attack

sensitive information disclosure

password change vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator’s password via the id parameter in an editop action.

Affected configurations

NVD

Node

mrcgiguythe_ticket_systemMatch2.0

CPENameOperatorVersion
mrcgiguy:the_ticket_systemmrcgiguy the ticket systemeq2.0

CPE	Name	Operator	Version
mrcgiguy:the_ticket_system	mrcgiguy the ticket system	eq	2.0

References

secunia.com/advisories/35350

exchange.xforce.ibmcloud.com/vulnerabilities/51029

www.exploit-db.com/exploits/8917

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for CVE-2009-2080

prion1 cvelist1 nvd1