CVE-2009-4095

myPhile 1.2.1 - Auth Bypass

Title source: llm

Description

myPhile 1.2.1 allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.

References (4)

[Patch, Vendor Advisory] http://companionway.net/files/myphile/

[Vendor Advisory] http://secunia.com/advisories/37322

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/3289

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54350

Scores

EPSS 0.0038

EPSS Percentile 59.3%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

companionway/myphile

Timeline

Published Nov 29, 2009

Tracked Since Feb 18, 2026