CVE-2008-6717

Name of the Vulnerable Software and Affected Versions U&M Software Signup versions 1.0 through 1.1

Description The issue allows remote attackers to have an unspecified impact by directly requesting certain PHP scripts in the admin directory without proper administrative authentication. The affected scripts include "adminstart.php", "admineventtype.php", "admineventdetails.php", "admineventlist.php", "adminuserslist.php", "adminleaderslist.php", "admindatabase.php", and possibly "index.php".

Recommendations For versions 1.0 and 1.1, consider implementing proper administrative authentication for all scripts in the admin directory to prevent unauthorized access. As a temporary workaround, restrict access to the admin directory and its scripts until a proper fix is applied.