PT-2002-2543 · Unknown · Ultimate Php Board
Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-1821
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Ultimate PHP Board (UPB) versions 1.0 through 1.0b
Description
The issue allows remote authenticated users to gain privileges and perform unauthorized actions. This can be achieved by making direct requests to specific endpoints, including "admin_members.php", "admin_config.php", "admin_cat.php", or "admin_forum.php".
Recommendations
For Ultimate PHP Board (UPB) versions 1.0 through 1.0b, consider restricting access to the admin_members.php, admin_config.php, admin_cat.php, and admin_forum.php endpoints until a patch is available. As a temporary workaround, limit the privileges of authenticated users to prevent them from performing unauthorized actions.
Related Identifiers
Affected Products
Ultimate Php Board