CVE-2009-2125

2009-06-1917:32:00

mitre

www.cve.org

elvin

delete_bug.php

privilege escalation

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

45.5%

JSON

delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.

References

bugs.elvinbts.org/show_bug.php?id=50

osvdb.org/55101

secunia.com/advisories/35430