High Published: Sep 11, 2009 Modified: Apr 09, 2025

CVE-2009-3168

CVSS Score: 7.2 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.

CVSS Vector Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Software Configurations

  • cpe:2.3:a:mevin:basic_php_events_lister:2.0:*:*:*:*:*:*:*

Weaknesses (CWE)

  • CWE-862

CVE History Timeline

Sep 14, 2009 11:26 Initial Analysis
Sep 19, 2017 01:29 CVE Modified
Jan 25, 2024 21:51 Modified Analysis
May 14, 2024 02:09 CVE Modified
Nov 21, 2024 01:06 CVE Modified
Jan 21, 2025 17:15 CVE Modified