Ultimate PHP Board (UPB) 1.9.6 and previous versions allows remote malicious users to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimate php board ultimate php board 1.9.6 |
||
ultimate php board ultimate php board 1.8 |
||
ultimate php board ultimate php board 1.8.2 |
||
ultimate php board ultimate php board 1.9 |