PT-2004-3622 · Web Wiz · Web Wiz Forums

Published

2004-12-31

Updated

2017-07-29

CVE-2004-2733

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Web Wiz Forums version 7.7a

Description The issue concerns invalid logic used to determine user privileges. This allows remote attackers to perform certain actions, including blocking arbitrary IP addresses via the "pop up ip blocking.asp" API endpoint or modifying topics via the "pop up topic admin.asp" API endpoint.

Recommendations For Web Wiz Forums version 7.7a, update to a version that addresses the privilege determination logic issue to prevent unauthorized actions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2004-2733

Affected Products

Web Wiz Forums

PT-2004-3622 · Web Wiz · Web Wiz Forums

CVE-2004-2733

Weakness Enumeration

Related Identifiers

Affected Products

References · 9