RSS   Vulnerabilities for 'Totalcalender'   RSS

2010-07-12
 
CVE-2009-4929

CWE-287
 

 
admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.

 

 >>> Vendor: Sweetphp 2 Products
Totalcalendar
Totalcalender


Copyright 2024, cxsecurity.com

 

Back to Top