CVE-2009-1637
The CVE-2009-1637 entry concerns profile.php in Simple Customer 1.3, where administrative authentication is not required. This allows remote attackers to modify the admin email address and password by passing email and password parameters. The NVD data lists a CVSS v2 base score of 6.4 (Network a...