2 matches found
CVE-2009-3168
CVE-2009-3168 affects Mevin Productions Basic PHP Events Lister 2.0. The vulnerability arises from improper access restriction to admin/reset.php and admin/user_add.php, allowing remote authenticated users to reset administrative passwords or add administrators via a direct request. Multiple conn...
CVE-2009-3168
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to 1 admin/reset.php and 2 admin/useradd.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request...