CVE-2009-4851
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
07/05/2010
Last modified:
11/04/2025
Description
The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:* | 2.4.0 (including) | |
| cpe:2.3:a:xoops:xoops:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:2.0.0_rc1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:2.0.0_rc2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:xoops:xoops:2.0.0_rc3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/37274
- http://www.vupen.com/english/advisories/2009/3256
- http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
- http://www.xoops.org/modules/news/article.php?storyid=5096
- http://secunia.com/advisories/37274
- http://www.vupen.com/english/advisories/2009/3256
- http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
- http://www.xoops.org/modules/news/article.php?storyid=5096