CVE-2008-6673

Name of the Vulnerable Software and Affected Versions QuickerSite version 1.8.5

Description The issue allows remote attackers to access administrative functionality without proper restrictions. This enables them to change the admin password via the cSaveAdminPW action, modify site information such as the contact address via the saveAdmin action, and modify the site design via the saveDesign action.

Recommendations For QuickerSite version 1.8.5, restrict access to the administrative functionality to prevent unauthorized changes. As a temporary workaround, consider disabling the cSaveAdminPW, saveAdmin, and saveDesign actions until a patch is available.