CVE-2008-7172

Name of the Vulnerable Software and Affected Versions Lightweight news portal (LNP) version 1.0b

Description The issue allows remote attackers to gain administrator privileges due to improper access restrictions to administrator functionality. This can be achieved via direct requests to the "admin.php" endpoint with specific actions, including potd delete, potd, vote update, vote, or modifynews.

Recommendations For Lightweight news portal (LNP) version 1.0b, restrict access to the "admin.php" endpoint to prevent unauthorized requests with the potd delete, potd, vote update, vote, or modifynews actions. Consider temporarily disabling these actions until a proper fix is implemented to prevent exploitation.