PT-2003-2128 · Web Wiz · Web Wiz Forums

Published

2003-12-31

Updated

2017-07-11

CVE-2003-1176

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Web Wiz Forums versions 6.34 through 7.5

Description The issue allows remote attackers to access private forums without authorization. This is achieved by modifying the FID (forum ID) parameter in the quote mode of the post message form.asp file.

Recommendations For Web Wiz Forums versions 6.34 through 7.5, avoid using the quote mode until a patch is available. As a temporary workaround, consider restricting access to the post message form.asp file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-1176

Affected Products

Web Wiz Forums

PT-2003-2128 · Web Wiz · Web Wiz Forums

CVE-2003-1176

Related Identifiers

Affected Products

References · 9