CVE-2009-3949
CVE-2009-3949 affects VivaPrograms Infinity 2.0.5 and earlier (cp/profile.php). The root cause is missing administrative authentication for the donewauthor action, allowing remote attackers to create administrative accounts via the name, password, and conf_password parameters. Exploitation is net...