PT-2002-2552 · Openbb · Openbb
Published: 2002-12-31 · Updated: 2016-10-18 · CVE-2002-1830
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Open Bulletin Board (OpenBB) version 1.0.0 RC3
Description
The issue allows remote attackers to bypass authentication and access moderator options. This is achieved by making a direct request to the "moderator.php" endpoint with the action and ismod parameters.
Recommendations
For OpenBB version 1.0.0 RC3, consider restricting access to the "moderator.php" endpoint until a patch is available. As a temporary workaround, avoid using the action and ismod parameters in the affected endpoint to minimize the risk of exploitation.
Related identifiers
Affected products
Openbb