blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote malicious users to post shoutbox entries as arbitrary users via a modified nick field.
Vulnerable Product |
---|
bti-tracker bti-tracker |