CVE-2009-1767
CVE-2009-1767 involves admin/edituser.php in the 2daybiz Template Monster Clone, where no administrative authentication is required. This permits remote attackers to modify arbitrary accounts via the parameters loginname, password, email, firstname, and lastname. The NVD lists a CVSSv2 base score...