Fishyshoop · Fishyshoop · CVE-2006-6773
Name of the Vulnerable Software and Affected Versions:
Fishyshoop version 0.930 beta
Description:
The issue allows remote attackers to create arbitrary administrative users. This is achieved by setting the `is admin` HTTP POST parameter to 1 in the `pages/register/register.php` file.
Recommendations:
For Fishyshoop version 0.930 beta, consider restricting access to the `pages/register/register.php` file until a patch is available, and avoid using the `is admin` parameter in this context to minimize the risk of exploitation.