PT-2007-3584 · Phorum · Phorum

Janek Vind

Published

2007-04-25

Updated

2018-10-16

CVE-2007-2249

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Phorum versions prior to 5.1.22

Description The issue allows remote authenticated moderators to gain privileges. This can be achieved by modifying the user ids POST parameter or the userdata array in the include/controlcenter/users.php file.

Recommendations For versions prior to 5.1.22, update to version 5.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the include/controlcenter/users.php file for moderators until the update is applied. Avoid using the user ids POST parameter and userdata array in the affected file until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2249

Affected Products

Phorum

PT-2007-3584 · Phorum · Phorum

CVE-2007-2249

Related Identifiers

Affected Products

References · 12