Vulnerabilities > CVE-2009-3168 - Missing Authorization vulnerability in Mevin Basic PHP Events Lister 2.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mevin

CWE-862

exploit available

NVD

Published: 2009-09-11

Updated: 2025-01-21

Summary

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.

Vulnerable Configurations

Part	Description	Count
Application	Mevin Mevin Basic PHP Events Lister 2.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Exploit-Db

id	EDB-ID:9558

References

http://secunia.com/advisories/36525
http://secunia.com/advisories/36525
http://www.exploit-db.com/exploits/9558
http://www.exploit-db.com/exploits/9558
http://www.osvdb.org/57595
http://www.osvdb.org/57595
http://www.securityfocus.com/bid/36198
http://www.securityfocus.com/bid/36198
http://www.vupen.com/english/advisories/2009/2497
http://www.vupen.com/english/advisories/2009/2497