CVE-2008-5308

Name of the Vulnerable Software and Affected Versions The Simple Forum version 3.1d for LoveCMS version 1.6.2 Final

Description The issue allows remote attackers to change the administrator password by making a direct request to the "modules/simpleforum/admin/index.php" API endpoint. This is due to the module not properly restricting access to administrator functions.

Recommendations For The Simple Forum version 3.1d, restrict access to the "modules/simpleforum/admin/index.php" endpoint to prevent unauthorized password changes. Consider temporarily disabling the administrator functions in the Simple Forum module until a proper fix is available.