Vulnerabilities > CVE-2009-4674 - Credentials Management vulnerability in Mole-Group products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mole-group
CWE-255
exploit available

Summary

admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.

Vulnerable Configurations

Part Description Count
Application
Mole-Group
2

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit. CVE-2009-4674. Webapps exploit for php platform
fileexploits/php/webapps/8774.html
idEDB-ID:8774
last seen2016-02-01
modified2009-05-22
platformphp
port
published2009-05-22
reporterG4N0K
sourcehttps://www.exploit-db.com/download/8774/
titleMole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit
typewebapps