Vulnerability Details CVE-2009-4851
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/37274
- http://www.vupen.com/english/advisories/2009/3256
- http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
- http://www.xoops.org/modules/news/article.php?storyid=5096
- http://secunia.com/advisories/37274
- http://www.vupen.com/english/advisories/2009/3256
- http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
- http://www.xoops.org/modules/news/article.php?storyid=5096
Products affected by CVE-2009-4851
-
cpe:2.3:a:xoops:xoops:*
-
cpe:2.3:a:xoops:xoops:1.0
-
cpe:2.3:a:xoops:xoops:1.0_rc1
-
cpe:2.3:a:xoops:xoops:1.0_rc3
-
cpe:2.3:a:xoops:xoops:1.0_rc3.0.5
-
cpe:2.3:a:xoops:xoops:1.3.10
-
cpe:2.3:a:xoops:xoops:1.3.5
-
cpe:2.3:a:xoops:xoops:1.3.6
-
cpe:2.3:a:xoops:xoops:1.3.7
-
cpe:2.3:a:xoops:xoops:1.3.8
-
cpe:2.3:a:xoops:xoops:1.3.9
-
cpe:2.3:a:xoops:xoops:2.0.0
-
cpe:2.3:a:xoops:xoops:2.0.0_rc1
-
cpe:2.3:a:xoops:xoops:2.0.0_rc2
-
cpe:2.3:a:xoops:xoops:2.0.0_rc3
-
cpe:2.3:a:xoops:xoops:2.0.1
-
cpe:2.3:a:xoops:xoops:2.0.10
-
cpe:2.3:a:xoops:xoops:2.0.10_rc
-
cpe:2.3:a:xoops:xoops:2.0.11
-
cpe:2.3:a:xoops:xoops:2.0.12
-
cpe:2.3:a:xoops:xoops:2.0.12a
-
cpe:2.3:a:xoops:xoops:2.0.13
-
cpe:2.3:a:xoops:xoops:2.0.13.1
-
cpe:2.3:a:xoops:xoops:2.0.13.2
-
cpe:2.3:a:xoops:xoops:2.0.14
-
cpe:2.3:a:xoops:xoops:2.0.14-rc1
-
cpe:2.3:a:xoops:xoops:2.0.15
-
cpe:2.3:a:xoops:xoops:2.0.16
-
cpe:2.3:a:xoops:xoops:2.0.17
-
cpe:2.3:a:xoops:xoops:2.0.17.1
-
cpe:2.3:a:xoops:xoops:2.0.18
-
cpe:2.3:a:xoops:xoops:2.0.18.1
-
cpe:2.3:a:xoops:xoops:2.0.2
-
cpe:2.3:a:xoops:xoops:2.0.3
-
cpe:2.3:a:xoops:xoops:2.0.4
-
cpe:2.3:a:xoops:xoops:2.0.5.1
-
cpe:2.3:a:xoops:xoops:2.0.5.2
-
cpe:2.3:a:xoops:xoops:2.0.5_rc
-
cpe:2.3:a:xoops:xoops:2.0.6
-
cpe:2.3:a:xoops:xoops:2.0.7
-
cpe:2.3:a:xoops:xoops:2.0.7.1
-
cpe:2.3:a:xoops:xoops:2.0.7.2
-
cpe:2.3:a:xoops:xoops:2.0.7.3
-
cpe:2.3:a:xoops:xoops:2.0.9
-
cpe:2.3:a:xoops:xoops:2.0.9.2
-
cpe:2.3:a:xoops:xoops:2.0.9.3
-
cpe:2.3:a:xoops:xoops:2.3.0
-
cpe:2.3:a:xoops:xoops:2.3.0_alpha1
-
cpe:2.3:a:xoops:xoops:2.3.0_alpha2
-
cpe:2.3:a:xoops:xoops:2.3.0_alpha_3
-
cpe:2.3:a:xoops:xoops:2.3.0_beta
-
cpe:2.3:a:xoops:xoops:2.3.0_rc
-
cpe:2.3:a:xoops:xoops:2.3.0_rc2
-
cpe:2.3:a:xoops:xoops:2.3.0_rc3
-
cpe:2.3:a:xoops:xoops:2.3.1
-
cpe:2.3:a:xoops:xoops:2.3.1_rc
-
cpe:2.3:a:xoops:xoops:2.3.2a
-
cpe:2.3:a:xoops:xoops:2.3.2b
-
cpe:2.3:a:xoops:xoops:2.3.3
-
cpe:2.3:a:xoops:xoops:2.4.0_beta_1
-
cpe:2.3:a:xoops:xoops:2.4.0_beta_2
-
cpe:2.3:a:xoops:xoops:2.4.0_rc