Yazd Discussion Forum prior to 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yazd yazd discussion forum 1.0 |
||
yazd yazd discussion forum 2.0 |
||
yazd yazd discussion forum 2.1 |
||
yazd yazd discussion forum 2.4 |
||
yazd yazd discussion forum 2.2 |
||
yazd yazd discussion forum 2.3 |