CVE-2009-3261

Livestreet - Authentication Bypass

Title source: rule

Description

update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require administrative authentication, which allows remote attackers to perform DROP TABLE operations via unspecified vectors.

References (1)

[Exploit] http://packetstormsecurity.org/0908-exploits/livestreet-xss.txt

Scores

EPSS 0.0051

EPSS Percentile 66.2%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

livestreet/livestreet

Timeline

Published Sep 18, 2009

Tracked Since Feb 18, 2026