CVE-2008-5576

Properties

Published:
14.12.2008
Updated:
29.01.2009
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
scssboard: scssboard
scssboard: scssboard
scssboard: scssboard
scssboard: scssboard

Vulnerability description

admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.

References:

XF: http://xforce.iss.net/xforce/xfdb/47456
MILW0RM: http://www.milw0rm.com/exploits/5149
SREASON: http://securityreason.com/securityalert/4739