CVE-2008-1971

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
phphqphshoutbox_final
𝑥
≤ 1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/29892
http://www.securityfocus.com/bid/28856
https://exchange.xforce.ibmcloud.com/vulnerabilities/41901
https://www.exploit-db.com/exploits/5467
http://secunia.com/advisories/29892
http://www.securityfocus.com/bid/28856
https://exchange.xforce.ibmcloud.com/vulnerabilities/41901
https://www.exploit-db.com/exploits/5467