CVE-2009-4675 in Group Gastro Portalinfo

Summary

by MITRE

admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/01/2026

The vulnerability identified as CVE-2009-4675 affects the Mole Group Gastro Portal, a restaurant directory script that contains a critical authentication bypass flaw in its administrative interface. This issue resides within the admin/admin_info/index.php component of the application, where the system fails to properly validate user credentials before allowing access to administrative functions. The vulnerability represents a significant security weakness that undermines the fundamental security model of the application by permitting unauthorized access to privileged administrative operations.

The technical flaw manifests as a lack of proper authentication checks within the administrative information management section of the gastro portal. When attackers submit form data through the unspecified form submission mechanism, the application does not verify whether the requesting user possesses administrative privileges before processing the password change request. This authentication gap creates a direct pathway for remote attackers to compromise administrative accounts without requiring legitimate credentials or authorization. The vulnerability operates at the application logic level, specifically within the access control implementation where session validation and privilege verification are absent or improperly implemented.

From an operational perspective, this vulnerability enables remote attackers to gain complete administrative control over the gastro portal system, which represents a severe compromise of the application's security posture. Once an attacker successfully exploits this flaw, they can modify administrative passwords, potentially locking out legitimate administrators while maintaining persistent access to the system. The impact extends beyond simple credential theft, as administrative access typically grants privileges to modify system configurations, manage user accounts, alter content, and potentially access sensitive data stored within the restaurant directory database. This vulnerability directly violates the principle of least privilege and undermines the confidentiality, integrity, and availability of the affected system.

The security implications of CVE-2009-4675 align with CWE-285, which addresses improper authorization in authentication mechanisms, and can be mapped to ATT&CK technique T1078 for valid accounts and T1566 for social engineering attacks that leverage authentication bypasses. Organizations running this version of the Mole Group Gastro Portal should immediately implement mitigations including input validation, proper authentication enforcement, and access control verification mechanisms. The recommended remediation involves implementing robust session management, enforcing strict authentication checks before administrative operations, and ensuring that all administrative functions require proper authorization before execution. Additionally, network segmentation and monitoring of administrative access patterns should be implemented to detect and prevent unauthorized access attempts, as this vulnerability could serve as a gateway for more extensive system compromise.

Reservation

03/05/2010

Disclosure

03/05/2010

Moderation

accepted

Entry

VDB-52073

CPE

ready

Exploit

Download

EPSS

0.02614

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!