2 matches found
CVE-2009-3949
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and confpassword parameters...
CVE-2009-3949
CVE-2009-3949 affects VivaPrograms Infinity 2.0.5 and earlier (cp/profile.php). The root cause is missing administrative authentication for the donewauthor action, allowing remote attackers to create administrative accounts via the name, password, and conf_password parameters. Exploitation is net...