Phphq » Phshoutbox Final : Security Vulnerabilities, CVEs,
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
Max CVSS
7.5
EPSS Score
2.27%
Published
2008-04-27
Updated
2017-09-29
1 vulnerabilities found