PT-2012-1265 · Insoshi · Insoshi

Published 2012-04-04 · Updated 2012-04-12 · CVE-2008-7309

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Insoshi versions prior to 20080920

Description

The issue allows remote attackers to set the ForumPost user id value via a modified URL, related to a mass assignment vulnerability. This occurs because the software does not properly restrict the use of a hash to provide values for a model's attributes.

Recommendations

For versions prior to 20080920, consider restricting access to the user id parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, avoid using the user id parameter in the modified URL to minimize the risk of exploitation.
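
The flaw class described above, as an added example that is not Insoshi's code and not part of the original advisory: a framework-free Ruby sketch of hash-driven attribute assignment with and without an allowlist. The class name, attribute names and sample parameters are assumptions constructed for illustration.

```ruby
# Constructed, framework-free sketch; ForumPostSketch and its attributes are
# hypothetical and are not taken from the Insoshi source.
class ForumPostSketch
  ATTRIBUTES = %w[body topic_id user_id].freeze
  ACCESSIBLE = %w[body].freeze # allowlist of attributes a request may set
  attr_accessor :body, :topic_id, :user_id

  # Weak pattern: any hash key that names an attribute is applied, so the
  # request decides the value of user_id.
  def assign_unrestricted(params)
    params.each do |key, value|
      public_send("#{key}=", value) if ATTRIBUTES.include?(key.to_s)
    end
    []
  end

  # Restricted pattern: only allowlisted keys are applied. Everything else is
  # returned so the caller can log it as a tampering signal.
  def assign_restricted(params)
    rejected = []
    params.each do |key, value|
      if ACCESSIBLE.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

# Ownership is taken from the authenticated session, then request data is applied.
def build_post(params, session_user_id, restricted:)
  post = ForumPostSketch.new
  post.user_id = session_user_id
  rejected = restricted ? post.assign_restricted(params) : post.assign_unrestricted(params)
  [post, rejected]
end

# Constructed request parameters: a body plus a user_id the client should not control.
SAMPLE_PARAMS = { "body" => "hello", "user_id" => "7" }.freeze
```

With the unrestricted path the stored owner follows the request value instead of the session; with the allowlist the owner stays the session user and the rejected key list is available for logging.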

Related Identifiers

CVE-2008-7309

Affected Products

Insoshi