CVE-2009-2291
Published Jul 1, 2009
Last updated 15 years ago
Overview
- Description
- Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CA1B3B3-F3E0-4201-853D-2CF762A843B3"
},
{
"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1275432-7063-4AC4-88AD-39C4E803997C"
},
{
"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DECE092-9862-4EF2-9343-9AE75492C5C5"
},
{
"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA09DE25-32A1-4F73-88C1-6A3C2FD71AF3"
},
{
"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75263666-2F4E-4291-ACED-EF2A30337E67"
},
{
"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-1.x:*:dev:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8E2341C-890D-47BD-97CE-85A0D397415D"
},
{
"criteria": "cpe:2.3:a:chad_phillips:logintoboggan:6.x-2.x:*:dev:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "921A742C-7A0F-4BC7-9909-D0312EE90318"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]