CVE-2008-7309

Name of the Vulnerable Software and Affected Versions Insoshi versions prior to 20080920

Description The issue allows remote attackers to set the ForumPost user id value via a modified URL, related to a mass assignment vulnerability. This occurs because the software does not properly restrict the use of a hash to provide values for a model's attributes.

Recommendations For versions prior to 20080920, consider restricting access to the user id parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, avoid using the user id parameter in the modified URL to minimize the risk of exploitation.