CVE-2002-1820

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board (UPB) versions 1.0 and 1.0b

Description The issue allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a", since the administrative account Admin with a capital "A" is used in register.php.

Recommendations For Ultimate PHP Board (UPB) versions 1.0 and 1.0b, consider modifying the register.php script to prevent registration of the admin account name in any case, or restrict access to administrative functions to prevent impersonation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.