CVE-2003-1258

Name of the Vulnerable Software and Affected Versions vBB versions 0.9.5 through 0.9.6

Description The issue allows remote attackers to gain unauthorized administrative access. This is achieved via a URL request to the activate.php endpoint with the uid parameter set to the webmaster uid.

Recommendations For versions 0.9.5 and 0.9.6, consider restricting access to the activate.php endpoint until a fix is available. As a temporary workaround, avoid using the uid parameter in the affected endpoint to minimize the risk of exploitation.