Описание
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 1.5 (включая)
cpe:2.3:a:phphq:phshoutbox_final:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04724
Низкий
7.5 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
EPSS
Процентиль: 89%
0.04724
Низкий
7.5 High
CVSS2
Дефекты
CWE-287