CVE-2009-1767

{"id": "CVE-2009-1767", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-05-22T18:30:00.280", "references": [{"url": "http://secunia.com/advisories/35090", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34977", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50561", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/8691", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35090", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34977", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50561", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/8691", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter."}, {"lang": "es", "value": "admin/edituser.php en 2daybiz Template Monster Clone no requiere autenticaci\u00f3n administrativa, lo que permite a atacantes remotos modificar cuentas de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros: (1) loginname, (2) password, (3) email, (4) firstname, o (5) lastname."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:2daybiz:template_monster_clone:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E22BADE3-F86E-492F-9E7B-0F92B6D8C2BE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}