RSS   Vulnerabilities for 'Infinity script'   RSS

2009-11-16
 
CVE-2009-3949

 

 
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.

 


Copyright 2024, cxsecurity.com

 

Back to Top