admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request.
References
Link | Resource |
---|---|
http://osvdb.org/54493 | |
http://secunia.com/advisories/35071 | Vendor Advisory |
http://www.securityfocus.com/bid/34976 | Exploit |
https://www.exploit-db.com/exploits/8689 |
Configurations
History
No history.
Information
Published : 2009-05-16 18:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1652
Mitre link : CVE-2009-1652
CVE.ORG link : CVE-2009-1652
JSON object : View
Products Affected
2daybiz
- business_community_script
CWE
CWE-264
Permissions, Privileges, and Access Controls