CVE-2008-6664

Name of the Vulnerable Software and Affected Versions SH-News version 3.0

Description The issue allows remote attackers to bypass authentication and gain administrator privileges. This is achieved by setting the shuser and shpass cookies to non-zero values in the 'action.php' file.

Recommendations For SH-News version 3.0, consider temporarily restricting access to the 'action.php' file until a patch is available. As a workaround, avoid using non-zero values for the shuser and shpass cookies to minimize the risk of exploitation.