Deserialization of untrusted data

2007-05-2419:30:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.3%

JSON

user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.

CPENameOperatorVersion
boastmachineeq3.0 platinum

CPE	Name	Operator	Version
	boastmachine	eq	3.0 platinum

References

osvdb.org/41027

securityreason.com/securityalert/2736

www.securityfocus.com/archive/1/469226/100/0/threaded

www.securityfocus.com/bid/24096

exchange.xforce.ibmcloud.com/vulnerabilities/34462