CVE-2009-1780
CVE-2009-1780 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
Learn more about our User Device Pen Test.