Vulnerability Details CVE-2005-1404
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/15166
- http://www.osvdb.org/15902
- http://www.osvdb.org/15903
- http://www.securityfocus.com/bid/13429
- http://www.securityfocus.com/bid/13430
- http://www.securityfocus.org/archive/1/397025
- http://secunia.com/advisories/15166
- http://www.osvdb.org/15902
- http://www.osvdb.org/15903
- http://www.securityfocus.com/bid/13429
- http://www.securityfocus.com/bid/13430
- http://www.securityfocus.org/archive/1/397025
Products affected by CVE-2005-1404
-
cpe:2.3:a:myphp_forum:myphp_forum:1.0
-
cpe:2.3:a:myphp_forum:myphp_forum:2.0
-
cpe:2.3:a:myphp_forum:myphp_forum:3.0