← Back

CVE-2009-2291

nvd nist
Published: Jul 1, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.

Affected (7)

Chad Phillips
1 product
Logintoboggan
Configuration A
7 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Chad Phillips
Logintoboggan
Version 6.x-1.0
Logintoboggan
Version 6.x-1.1
Logintoboggan
Version 6.x-1.2
Logintoboggan
Version 6.x-1.3
Logintoboggan
Version 6.x-1.4
Logintoboggan
Version 6.x-1.x
Logintoboggan
Version 6.x-2.x
Running on/withPlatform Versions
Drupal
Drupal
All versions

Related CWEs

CWE-264
CWE-264

References (12)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.