Vulnerability Details : CVE-2009-1767
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.
Exploit prediction scoring system (EPSS) score for CVE-2009-1767
Probability of exploitation activity in the next 30 days: 1.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 %
CVSS scores for CVE-2009-1767
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2009-1767
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1767
Products affected by CVE-2009-1767
- cpe:2.3:a:2daybiz:template_monster_clone:-:*:*:*:*:*:*:*