CVE-2009-2328

Name of the Vulnerable Software and Affected Versions KerviNet Forum versions 1.1 and earlier

Description The issue allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks. This is possible because the admin/edit user.php file does not require administrative authentication. The del user id parameter is vulnerable to such attacks.

Recommendations For KerviNet Forum versions 1.1 and earlier, consider restricting access to the admin/edit user.php file until a patch is available, and ensure that proper authentication mechanisms are in place to prevent unauthorized access. Avoid using the del user id parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.