phShoutBox Final 1.5 and previous versions only checks passwords when specified in $_POST, which allows remote malicious users to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and previous versions, the ssbadmin cookie to shoutadmin.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phphq phshoutbox final |