Summary
This host is running XOOPS and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to activate their accounts without requiring approval from the administrator.
Impact Level: Application.
Solution
Upgrade to XOOPS version 2.4.1:
http://www.xoops.org/modules/core/
Insight
The flaw is due to an error in the 'activate.php' script, which does not verify the activation type when resending the activation email.
Affected
XOOPS versions prior to 2.4.1
Severity
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Classification
CVE: CVE-2009-4851