CVE-2009-2080

{"id": "CVE-2009-2080", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-06-16T19:30:00.327", "references": [{"url": "http://secunia.com/advisories/35350", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51029", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/8917", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action."}, {"lang": "es", "value": "admin.php en MRCGIGUY The Ticket System v2.0, no restringe adecuadamente el acceso, lo que permite a atacantes remotos (1) obtener informaci\u00f3n sobre la configuraci\u00f3n a trav\u00e9s de una acci\u00f3n \"editconfig\" o (2) modificar la contrase\u00f1a de administrador a trav\u00e9s del par\u00e1metro \"id\" en una acci\u00f3n \"editop\"."}], "lastModified": "2017-09-29T01:34:42.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mrcgiguy:the_ticket_system:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AF7C1FB-07D9-49C2-B6F3-0A606AE180BA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}