Vulnerability Details CVE-2009-3949
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.7%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2009-3949
-
cpe:2.3:a:vivaprograms:infinity_script:*
-
cpe:2.3:a:vivaprograms:infinity_script:2.0.0