CVE-2007-6237
cp.php in DeluxeBB 1.09 fails to verify that the membercookie matches the authenticated member during profile updates, enabling remote authenticated users to change e-mails for arbitrary accounts via a modified membercookie parameter (a different vector than CVE-2006-4078). This can be leveraged ...