CVE-2009-4674

Mole Group Bus & Sky Hunter Airline Script - Unauthenticated Password Change via admin.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4674. PoCs published by G4N0K.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in Mole Group Sky Hunter/Bus Ticket Scripts by allowing an attacker to change the admin password without proper authentication. The PoC provides a form that submits a request to the vulnerable admin endpoint to modify the admin credentials.

Description

admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · html · webapps · php
https://www.exploit-db.com/exploits/8774

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Mole Group Sky Hunter/Bus Ticket Scripts
No auth needed
Prerequisites: Access to the vulnerable admin endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8774
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50722
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35079

Scores

EPSS 0.0242
EPSS Percentile 82.0%

Details

CWE CWE-255
Status published
Products (2)
mole-group/bus_ticket_script
mole-group/sky_hunter_airline_ticket_sale_script
Published Mar 05, 2010
Tracked Since Feb 18, 2026