CVE-2004-2733

Name of the Vulnerable Software and Affected Versions Web Wiz Forums version 7.7a

Description The issue concerns invalid logic used to determine user privileges. This allows remote attackers to perform certain actions, including blocking arbitrary IP addresses via the "pop up ip blocking.asp" API endpoint or modifying topics via the "pop up topic admin.asp" API endpoint.

Recommendations For Web Wiz Forums version 7.7a, update to a version that addresses the privilege determination logic issue to prevent unauthorized actions.