Unrated severityNVD Advisory· Published May 22, 2009· Updated Apr 23, 2026

CVE-2009-1780

Description

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.

Affected products

Frax/Php Recommend
cpe:2.3:a:frax:php_recommend:*:*:*:*:*:*:*:*
Range: <=1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/34909nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/8658nvdExploitThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2009/1287nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000