CVE-2008-1971

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
Configurations

Configuration 1

cpe:2.3:a:phphq:phshoutbox_final:*:*:*:*:*:*:*:*

Information

Published : 2008-04-27 06:05

Updated : 2017-09-29 01:30


NVD link : CVE-2008-1971

Mitre link : CVE-2008-1971

Products Affected
No products.
CWE