CVE-2007-6237

Name of the Vulnerable Software and Affected Versions DeluxeBB version 1.09

Description The issue allows remote authenticated users to change the e-mail addresses of arbitrary accounts by modifying the membercookie parameter during a profile update. This can be exploited to gain administrative access by requesting a password-reset e-mail.

Recommendations For DeluxeBB version 1.09, update the cp.php file to verify that the membercookie parameter corresponds to the authenticated member during profile updates to prevent unauthorized changes to account e-mail addresses. As a temporary workaround, consider restricting access to the profile update feature until a proper fix is applied.