Phpslash · Phpslash · CVE-2005-2257
Name of the Vulnerable Software and Affected Versions:
PhpSlash version 0.8.0
Description:
The `saveProfile` function allows remote attackers to modify arbitrary profiles and gain privileges by modifying the `author_id` parameter.
Recommendations:
For PhpSlash version 0.8.0, consider restricting access to the `saveProfile` function until a patch is available, and avoid using the `author_id` parameter in this function to minimize the risk of exploitation.
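
One way to apply the recommendation is to take the author id from the server-side session instead of the request, shown here as an added example that is not PhpSlash source code. The function name `saveProfileChecked`, the session and request array layout, the field allow-list and the in-memory `$profiles` store are all assumptions made for illustration.

```php
<?php
// Illustrative only: not PhpSlash source. Names, session layout and the
// in-memory $profiles store are assumptions made for this example.

// Constructed sample data: two accounts, one of them an administrator.
$profiles = [
    1 => ['name' => 'admin', 'email' => 'admin@example.test', 'is_admin' => true],
    7 => ['name' => 'alice', 'email' => 'alice@example.test', 'is_admin' => false],
];

/**
 * Save a profile only for the authenticated author.
 * $session is server-side state, $request holds the client-supplied fields.
 */
function saveProfileChecked(array &$profiles, array $session, array $request): bool
{
    // The target row comes from the session, never from the request.
    if (!isset($session['author_id']) || !isset($profiles[$session['author_id']])) {
        return false;
    }
    $target = (int) $session['author_id'];

    // A client-supplied author_id that disagrees with the session is a tamper signal.
    if (isset($request['author_id']) && (int) $request['author_id'] !== $target) {
        error_log("saveProfile: author_id mismatch, session=$target request="
            . (int) $request['author_id']);
        return false;
    }

    // Allow-list of editable fields, so flags such as is_admin cannot be set here.
    foreach (['name', 'email'] as $field) {
        if (isset($request[$field]) && is_string($request[$field])) {
            $profiles[$target][$field] = $request[$field];
        }
    }
    return true;
}

$session = ['author_id' => 7]; // constructed session: alice is logged in

// Case 1: alice updates her own profile.
var_dump(saveProfileChecked($profiles, $session, ['author_id' => '7', 'email' => 'a@example.test']));
// Case 2: the request names a different author's id than the session holds.
var_dump(saveProfileChecked($profiles, $session, ['author_id' => '1', 'email' => 'x@example.test']));
// The administrator's row is compared against its original value.
var_dump($profiles[1]['email'] === 'admin@example.test');
```

The logged mismatch line also gives operators something to alert on while an unpatched 0.8.0 instance is still in service.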