CVE-2009-1780

CVE-2009-1780 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

Learn more about our User Device Pen Test.