CVE-2009-2328

2009-07-0516:00:00

mitre

www.cve.org

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

JSON

admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.

References

www.exploit-db.com/exploits/9068