phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-04-27T18:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2008-04-27T00:00:00
Link: CVE-2008-1971
JSON object: View
NVD Information
Status : Modified
Published: 2008-04-27T18:05:00.000
Modified: 2017-09-29T01:30:58.257
Link: CVE-2008-1971
JSON object: View
Redhat Information
No data.
CWE