Phphq: >> Phshoutbox Final Security Vulnerabilities
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
CVSS Score
7.5
EPSS Score
0.03
Published
2008-04-27