Summary
This host is running XOOPS and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to activate their accounts without requiring approval from the administrator.
Impact Level: Application.
Solution
Upgrade to XOOPS version 2.4.1 or later.
http://www.xoops.org/modules/core/
Insight
The flaw is due to an error in the 'activate.php' script, which does not verify the activation type when resending the activation email.
Affected
XOOPS versions prior to 2.4.1
Severity
Classification
- CVE: CVE-2009-4851
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N