Vulnerabilities > Vivaprograms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-16 | CVE-2009-3949 | Permissions, Privileges, and Access Controls vulnerability in Vivaprograms Infinity Script 2.0.0 cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters. | 7.5 |