CVE-2009-1670
TCPDB 3.8 is vulnerable to a security bypass where user/index.php does not require administrative authentication, allowing remote attackers to add admin accounts via unspecified vectors. This is documented in multiple sources (NVD entry CVE-2009-1670 and OpenVAS entries) with CVSS base score 7.5 ...