Description

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

Remediation

References

CVE-2009-4851

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2021-26029)

Apache HTTP Server Other Vulnerability (CVE-2001-0042)

WordPress Plugin Elementor Addon Elements Multiple Cross-Site Scripting Vulnerabilities (1.11.1)

WordPress Plugin Free counter Cross-Site Scripting (1.1)

Joomla! Core 3.x.x Open Redirect (3.0.0 - 3.4.1)

Severity

Medium

Classification

CVE-2009-4851 CWE-264

Tags

Missing Update Known Vulnerabilities