CVE-2009-1780

N/A Unknown
Published: May 22, 2009 Modified: April 23, 2026
View on NVD

Description

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.securityfocus.com/bid/34909
Source: cve@mitre.org
Exploit Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/1287
Source: cve@mitre.org
Permissions Required
https://www.exploit-db.com/exploits/8658
Source: cve@mitre.org
Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/34909
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/1287
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://www.exploit-db.com/exploits/8658
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.6%
88th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-306

Affected Vendors

frax

Related CVEs

CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3
CVE-2026-7037 9.8
CVE-2026-7036 7.3