VYPR
Unrated severityNVD Advisory· Published May 7, 2010· Updated Jun 16, 2026

CVE-2009-4851

CVE-2009-4851

Description

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

63
  • XOOPS/Xoops63 versions
    cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*+ 62 more
    • cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*range: <=2.4.0
    • cpe:2.3:a:xoops:xoops:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.10_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.12a:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.14-rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.18.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.5_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_alpha1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_alpha2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_alpha_3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.1_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.2a:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.2b:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.4.0_beta_1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.4.0_beta_2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.4.0_rc:*:*:*:*:*:*:*
    • (no CPE)range: <2.4.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.