CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vivaprograms: >> Infinity Script >> 2.0.0 Security Vulnerabilities

CVE-2009-3949

cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters.

CVSS Score

7.5

EPSS Score

0.011

Published

2009-11-16

Page 1

Vulnerabilities

Vulnerable Software

Vivaprograms: >> Infinity Script >> 2.0.0 Security Vulnerabilities

Products

Pricing

Contact Us