DeluxeBB 1.07 and previous versions allow remote malicious users to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."
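
The safer pattern for the call described above, as an added example that is not DeluxeBB's code and not part of the original advisory: rather than passing cookie data to `extract()`, copy only allowlisted names and record everything else. The helper `import_request_vars`, the constant `RESERVED_NAMES` and the sample cookie array are assumptions constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Names request data must never create or replace, even if allowlisted by mistake.
const RESERVED_NAMES = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_ENV',
                        '_SERVER', '_FILES', '_REQUEST', '_SESSION', 'this'];

/**
 * Hypothetical helper (not a DeluxeBB or PHP built-in function): copy only
 * allowlisted string values out of $source. Returns [accepted, rejected keys]
 * and never writes into any variable scope.
 */
function import_request_vars(array $source, array $allowed): array
{
    $accepted = [];
    $rejected = [];
    foreach ($source as $name => $value) {
        $name = (string) $name;
        $ok = in_array($name, $allowed, true)
            && !in_array($name, RESERVED_NAMES, true)
            && is_string($value);   // array-valued entries are refused
        if ($ok) {
            $accepted[$name] = $value;
        } else {
            $rejected[] = $name;
        }
    }
    return [$accepted, $rejected];
}

// Constructed sample of a parsed cookie array. The underscore-prefixed keys
// are the four variable names listed in the advisory.
$cookie = [
    'theme'   => 'dark',
    'lang'    => 'en',
    '_GET'    => ['constructed' => '1'],
    '_POST'   => ['constructed' => '1'],
    '_ENV'    => ['constructed' => '1'],
    '_SERVER' => ['constructed' => '1'],
];

// Pattern the advisory describes (shown as a comment only, not executed):
//   extract($_COOKIE);   // default flag EXTR_OVERWRITE replaces existing names

[$vars, $rejected] = import_request_vars($cookie, ['theme', 'lang']);
foreach ($rejected as $name) {
    error_log('rejected cookie key: ' . $name);   // candidate for alerting
}
echo json_encode(['accepted' => $vars, 'rejected' => $rejected]), PHP_EOL;
```

Where `extract()` cannot be removed from legacy code, its `EXTR_SKIP` or `EXTR_PREFIX_ALL` flags avoid replacing names that already exist.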
Vulnerable Product |
---|
deluxebb deluxebb 1.06 |
deluxebb deluxebb 1.07 |
deluxebb deluxebb 1.05 |