cbcvebase.
CVE-2009-1637
published 2009-05-15

CVE-2009-1637: profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and…

PriorityP346medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
2.25%
80.7th percentile
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.

Affected

1 ranges
VendorProductVersion rangeFixed in
simplecustomersimple_customer
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.