The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Xoops
  • Xoops

Configuration 1 [-]

OR cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.0_rc3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.5_rc:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.10_rc:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.12a:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.14-rc1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.17.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.0.18.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0_alpha_3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0_alpha1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0_alpha2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0_beta:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0_rc:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0_rc2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.0_rc3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.1_rc:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.2a:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.2b:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.4.0_beta_1:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.4.0_beta_2:*:*:*:*:*:*:*
cpe:2.3:a:xoops:xoops:2.4.0_rc:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/37274 Vendor Advisory
http://www.vupen.com/english/advisories/2009/3256 Vendor Advisory
http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
http://www.xoops.org/modules/news/article.php?storyid=5096 Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:24:04

Updated: 2022-10-03T16:24:04

Reserved: 2022-10-03T00:00:00

Link: CVE-2009-4851

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2010-05-07T18:30:01.390

Modified: 2010-05-13T04:00:00.000

Link: CVE-2009-4851

JSON object: View

cve-icon Redhat Information

No data.

CWE