admin/edit_user.php in KerviNet Forum 1.1 and previous versions does not require administrative authentication, which allows remote malicious users to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.
Vulnerable Product |
---|
max kervin kervinet forum |