Web Wiz Forum pop_up_topic_admin.asp Title Modification

2004-04-30T14:17:18
ID OSVDB:5750
Type osvdb
Reporter Alexander(pk95@yandex.ru)
Modified 2004-04-30T14:17:18

Description

Vulnerability Description

Web Wiz Forum contains a flaw that may allow a remote attacker to manipulate the topic status. The issue is triggered due to a logical error in "pop_up_topic_admin.asp" input validation. It is possible that the flaw may allow a remote attacker to manipulate the topic status without authentification, resulting in a loss of integrity.

Solution Description

Upgrade to version 7.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Web Wiz Forum contains a flaw that may allow a remote attacker to manipulate the topic status. The issue is triggered due to a logical error in "pop_up_topic_admin.asp" input validation. It is possible that the flaw may allow a remote attacker to manipulate the topic status without authentification, resulting in a loss of integrity.

References:

Vendor URL: http://www.webwizguide.info/web_wiz_forums/default.asp?mode=asp Vendor Specific Solution URL: http://www.webwizguide.info/news/news_item.asp?NewsID=66 Security Tracker: 1010012 Secunia Advisory ID:11525 Related OSVDB ID: 5751 Related OSVDB ID: 5752 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html ISS X-Force ID: 16031 ISS X-Force ID: 16030 CVE-2004-2733 Bugtraq ID: 10255