CVE-2009-2291

Published Jul 1, 2009

Last updated 16 years ago

CVSS info 6.8

Overview

Description: Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CA1B3B3-F3E0-4201-853D-2CF762A843B3"
          },
          {
            "criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1275432-7063-4AC4-88AD-39C4E803997C"
          },
          {
            "criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DECE092-9862-4EF2-9343-9AE75492C5C5"
          },
          {
            "criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA09DE25-32A1-4F73-88C1-6A3C2FD71AF3"
          },
          {
            "criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75263666-2F4E-4291-ACED-EF2A30337E67"
          },
          {
            "criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.x:*:dev:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8E2341C-890D-47BD-97CE-85A0D397415D"
          },
          {
            "criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-2.x:*:dev:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "921A742C-7A0F-4BC7-9909-D0312EE90318"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References