VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published May 7, 2010· Updated Apr 29, 2026

CVE-2009-4851

CVE-2009-4851

Description

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

Affected products

62
  • XOOPS/Xoops62 versions
    cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*+ 61 more
    • cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*range: <=2.4.0
    • cpe:2.3:a:xoops:xoops:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.0_rc3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.10_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.12a:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.14-rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.18.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.5_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_alpha1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_alpha2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_alpha_3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.0_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.1_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.2a:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.2b:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.4.0_beta_1:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.4.0_beta_2:*:*:*:*:*:*:*
    • cpe:2.3:a:xoops:xoops:2.4.0_rc:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.