CVE-2009-4929
CVE-2009-4929 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.
Learn more about our User Device Pen Test.