Unrated severityNVD Advisory· Published May 22, 2009· Updated Apr 23, 2026

CVE-2009-1767

Description

admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter.

Affected products

2daybiz/Template Monster Clone
cpe:2.3:a:2daybiz:template_monster_clone:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/34977nvdExploit
secunia.com/advisories/35090nvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/50561nvd
www.exploit-db.com/exploits/8691nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000