CVE-2004-2653

Name of the Vulnerable Software and Affected Versions PD9 Software MegaBBS versions 2.0 through 2.1

Description The issue allows attackers to gain privileges via unknown vectors involving the "admin/userlevelmembers-edit.asp" and "admin/edit-groups.asp" API endpoints, specifically the admin module.

Recommendations For versions 2.0 and 2.1, consider restricting access to the "admin/userlevelmembers-edit.asp" and "admin/edit-groups.asp" API endpoints until a fix is available. As a temporary workaround, consider disabling the admin module to minimize the risk of exploitation.