Vulnerability Details CVE-2008-1971
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/29892
- http://www.securityfocus.com/bid/28856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41901
- https://www.exploit-db.com/exploits/5467
- http://secunia.com/advisories/29892
- http://www.securityfocus.com/bid/28856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41901
- https://www.exploit-db.com/exploits/5467
Products affected by CVE-2008-1971
-
cpe:2.3:a:phphq:phshoutbox_final:*