CVE-2009-1664

Easy-scripts Answer And Question Script - Authentication Bypass

Title source: rule

Description

myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by InjEctOr5 · textwebappsphp

https://www.exploit-db.com/exploits/8690

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8690

Scores

EPSS 0.0253

EPSS Percentile 85.3%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

easy-scripts/answer_and_question_script

Timeline

Published May 18, 2009

Tracked Since Feb 18, 2026