CVE-2006-2896

profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action...

Deserialization of untrusted data

profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action...

CVE-2006-2896

CVE-2006-2896: FunkBoard CF0.71 suffers from a vulnerability in profile.php where a remote attacker can change arbitrary passwords by tampering with a hidden uid field in the Edit Profile action. Affected component is the profile handling in FunkBoard CF0.71; root cause is the inability to valida...

CVE-2006-2896

profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action...

FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit

No description provided by source. !-- Change action="http://profile.php" under the form tags /str0ke -- !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"htmlheadMETA http-equiv="Content-Type" content="text/html; charset=utf-8"/headbodyform enctype="multipart/form-data"...