CVE-2009-4851

Name: CVE-2009-4851
Creator: NVD / NIST
Published: 2010-05-07T18:30:01.39+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.21%

Last modified Jun 16, 2026

CVE-2009-4851 is a vulnerability of currently unknown severity. The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.. EPSS estimates a 1.21% chance of exploitation in the next 30 days.

Description

The activation resend function in the Profiles module in XOOPS before 2.4.1 sends activation codes in response to arbitrary activation requests, which allows remote attackers to bypass administrative approval via a request involving activate.php.

Metrics

EPSS Probability

1.21%

64.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Xoops	Xoops	<= 2.4.0
Xoops	Xoops	1.0
Xoops	Xoops	1.0_rc1
Xoops	Xoops	1.0_rc3
Xoops	Xoops	1.0_rc3.0.5
Xoops	Xoops	1.3.5
Xoops	Xoops	1.3.6
Xoops	Xoops	1.3.7
Xoops	Xoops	1.3.8
Xoops	Xoops	1.3.9
Xoops	Xoops	1.3.10
Xoops	Xoops	2.0.0
Xoops	Xoops	2.0.0_rc1
Xoops	Xoops	2.0.0_rc2
Xoops	Xoops	2.0.0_rc3
Xoops	Xoops	2.0.1
Xoops	Xoops	2.0.2
Xoops	Xoops	2.0.3
Xoops	Xoops	2.0.4
Xoops	Xoops	2.0.5.1
Xoops	Xoops	2.0.5.2
Xoops	Xoops	2.0.5_rc
Xoops	Xoops	2.0.6
Xoops	Xoops	2.0.7
Xoops	Xoops	2.0.7.1
Xoops	Xoops	2.0.7.2
Xoops	Xoops	2.0.7.3
Xoops	Xoops	2.0.9
Xoops	Xoops	2.0.9.2
Xoops	Xoops	2.0.9.3
Xoops	Xoops	2.0.10
Xoops	Xoops	2.0.10_rc
Xoops	Xoops	2.0.11
Xoops	Xoops	2.0.12
Xoops	Xoops	2.0.12a
Xoops	Xoops	2.0.13
Xoops	Xoops	2.0.13.1
Xoops	Xoops	2.0.13.2
Xoops	Xoops	2.0.14
Xoops	Xoops	2.0.14-rc1
Xoops	Xoops	2.0.15
Xoops	Xoops	2.0.16
Xoops	Xoops	2.0.17
Xoops	Xoops	2.0.17.1
Xoops	Xoops	2.0.18
Xoops	Xoops	2.0.18.1
Xoops	Xoops	2.3.0
Xoops	Xoops	2.3.0_alpha_3
Xoops	Xoops	2.3.0_alpha1
Xoops	Xoops	2.3.0_alpha2

Showing 50 of 62 affected configurations. See NVD for the full list.

References

http://secunia.com/advisories/37274Vendor Advisory
http://www.vupen.com/english/advisories/2009/3256Vendor Advisory
http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
http://www.xoops.org/modules/news/article.php?storyid=5096Patch
http://secunia.com/advisories/37274Vendor Advisory
http://www.vupen.com/english/advisories/2009/3256Vendor Advisory
http://www.xoops.org/modules/newbb/viewtopic.php?post_id=319132
http://www.xoops.org/modules/news/article.php?storyid=5096Patch

Timeline

Published: May 7, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-4851?

How severe is CVE-2009-4851?

Severity scoring for CVE-2009-4851 is pending analysis. The EPSS model estimates a 1.21% probability of exploitation in the next 30 days.

How do I fix CVE-2009-4851?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-4851?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST