CVE-2009-4851

First published: Fri May 07 2010(Updated: )

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Xoops Xoops	=2.3.0_rc3
Xoops Xoops	=1.3.6
Xoops Xoops	=2.3.0_rc
Xoops Xoops	=2.3.2b
Xoops Xoops	=2.0.12
Xoops Xoops	=2.3.0_alpha_3
Xoops Xoops	=2.0.5.1
Xoops Xoops	=2.0.2
Xoops Xoops	=2.0.12a
Xoops Xoops	=2.0.5.2
Xoops Xoops	=2.0.16
Xoops Xoops	=2.3.0_beta
Xoops Xoops	=2.0.0_rc1
Xoops Xoops	=2.0.13.1
Xoops Xoops	=2.0.0_rc2
Xoops Xoops	=2.0.7.3
Xoops Xoops	=1.3.10
Xoops Xoops	=2.0.15
Xoops Xoops	=2.0.13
Xoops Xoops	=2.3.2a
Xoops Xoops	=2.4.0_beta_1
Xoops Xoops	=1.3.5
Xoops Xoops	=1.0
Xoops Xoops	=2.0.5_rc
Xoops Xoops	=2.0.14-rc1
Xoops Xoops	=2.3.0_alpha2
Xoops Xoops	=2.0.9.2
Xoops Xoops	=2.0.7
Xoops Xoops	=2.0.18.1
Xoops Xoops	=2.0.3
Xoops Xoops	=1.0_rc1
Xoops Xoops	=2.0.13.2
Xoops Xoops	=2.0.9
Xoops Xoops	=2.0.4
Xoops Xoops	=2.4.0_rc
Xoops Xoops	=2.3.0
Xoops Xoops	=1.3.9
Xoops Xoops	=1.0_rc3.0.5
Xoops Xoops	=2.0.14
Xoops Xoops	=2.0.1
Xoops Xoops	=2.0.10
Xoops Xoops	=2.3.0_rc2
Xoops Xoops	=2.0.0_rc3
Xoops Xoops	=2.0.7.2
Xoops Xoops	=2.0.7.1
Xoops Xoops	=1.3.7
Xoops Xoops	=2.0.0
Xoops Xoops	=2.0.17
Xoops Xoops	=2.0.11
Xoops Xoops	=2.4.0_beta_2
Xoops Xoops	=1.0_rc3
Xoops Xoops	<=2.4.0
Xoops Xoops	=2.3.1
Xoops Xoops	=2.3.0_alpha1
Xoops Xoops	=2.0.17.1
Xoops Xoops	=2.0.18
Xoops Xoops	=2.0.10_rc
Xoops Xoops	=2.3.1_rc
Xoops Xoops	=2.0.9.3
Xoops Xoops	=2.0.6
Xoops Xoops	=2.3.3
Xoops Xoops	=1.3.8

Remedy

http://www.xoops.org/modules/news/article.php?storyid=5096

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/severity
agent/remedy
agent/author
agent/weakness
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/xoops
canonical/xoops xoops
version/xoops xoops/2.3.0_rc3
version/xoops xoops/1.3.6
version/xoops xoops/2.3.0_rc
version/xoops xoops/2.3.2b
version/xoops xoops/2.0.12
version/xoops xoops/2.3.0_alpha_3
version/xoops xoops/2.0.5.1
version/xoops xoops/2.0.2
version/xoops xoops/2.0.12a
version/xoops xoops/2.0.5.2
version/xoops xoops/2.0.16
version/xoops xoops/2.3.0_beta
version/xoops xoops/2.0.0_rc1
version/xoops xoops/2.0.13.1
version/xoops xoops/2.0.0_rc2
version/xoops xoops/2.0.7.3
version/xoops xoops/1.3.10
version/xoops xoops/2.0.15
version/xoops xoops/2.0.13
version/xoops xoops/2.3.2a
version/xoops xoops/2.4.0_beta_1
version/xoops xoops/1.3.5
version/xoops xoops/1.0
version/xoops xoops/2.0.5_rc
version/xoops xoops/2.0.14-rc1
version/xoops xoops/2.3.0_alpha2
version/xoops xoops/2.0.9.2
version/xoops xoops/2.0.7
version/xoops xoops/2.0.18.1
version/xoops xoops/2.0.3
version/xoops xoops/1.0_rc1
version/xoops xoops/2.0.13.2
version/xoops xoops/2.0.9
version/xoops xoops/2.0.4
version/xoops xoops/2.4.0_rc
version/xoops xoops/2.3.0
version/xoops xoops/1.3.9
version/xoops xoops/1.0_rc3.0.5
version/xoops xoops/2.0.14
version/xoops xoops/2.0.1
version/xoops xoops/2.0.10
version/xoops xoops/2.3.0_rc2
version/xoops xoops/2.0.0_rc3
version/xoops xoops/2.0.7.2
version/xoops xoops/2.0.7.1
version/xoops xoops/1.3.7
version/xoops xoops/2.0.0
version/xoops xoops/2.0.17
version/xoops xoops/2.0.11
version/xoops xoops/2.4.0_beta_2
version/xoops xoops/1.0_rc3
version/xoops xoops/2.4.0
version/xoops xoops/2.3.1
version/xoops xoops/2.3.0_alpha1
version/xoops xoops/2.0.17.1
version/xoops xoops/2.0.18
version/xoops xoops/2.0.10_rc
version/xoops xoops/2.3.1_rc
version/xoops xoops/2.0.9.3
version/xoops xoops/2.0.6
version/xoops xoops/2.3.3
version/xoops xoops/1.3.8

CVE-2009-4851

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact