VYPR
High severity7.2NVD Advisory· Published Sep 11, 2009· Updated Jun 16, 2026

CVE-2009-3168

CVE-2009-3168

Description

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote authenticated users to reset administrative passwords or add administrators via a direct request.

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.