CVE-2006-3772

Name of the Vulnerable Software and Affected Versions PHP-Post versions 0.21 and 1.0, and possibly earlier versions

Description The issue allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie when auto-login is enabled.

Recommendations For PHP-Post versions 0.21 and 1.0, and possibly earlier versions, consider disabling the auto-login feature to prevent exploitation until a fix is available. As a temporary workaround, restrict access to administrative privileges to minimize the risk of exploitation. Avoid using the auto-login feature until the issue is resolved.