PT-2008-3493 · Ph · Phshoutbox

T0Pp8Uzz

Published

2008-04-27

Updated

2017-09-29

CVE-2008-1971

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phShoutBox versions Final 1.5 and earlier

Description The issue allows remote attackers to gain privileges. This can be achieved by setting the phadmin cookie to 'admin.php', or in versions 1.4 and earlier, by setting the ssbadmin cookie to 'shoutadmin.php'.

Recommendations For phShoutBox versions Final 1.5 and earlier, consider disabling the password check functionality until a proper fix is implemented, and restrict access to the admin.php and shoutadmin.php pages to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-1971

Affected Products

Phshoutbox

PT-2008-3493 · Ph · Phshoutbox

CVE-2008-1971

Weakness Enumeration

Related Identifiers

Affected Products

References · 5