CVE-2009-4929

CVE-2009-4929 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.
