CVE-2007-6237 (DeluxeBB)

cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting a password-reset e-mail through a lostpw action to misc.php.

Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6237