CVE-2009-3168

CVE-2009-3168 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.

Learn more about our User Device Pen Test.