PT-2008-3493 · Ph · Phshoutbox
T0Pp8Uzz
·
Publicado
2008-04-27
·
Atualizado
2017-09-29
·
CVE-2008-1971
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phShoutBox versions Final 1.5 and earlier
Description
The issue allows remote attackers to gain privileges. This can be achieved by setting the
phadmin cookie to 'admin.php', or in versions 1.4 and earlier, by setting the ssbadmin cookie to 'shoutadmin.php'.Recommendations
For phShoutBox versions Final 1.5 and earlier, consider disabling the password check functionality until a proper fix is implemented, and restrict access to the
admin.php and shoutadmin.php pages to minimize the risk of exploitation.Exploit
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Phshoutbox