2 matches found
CVE-2007-6237
cp.php in DeluxeBB 1.09 fails to verify that the membercookie matches the authenticated member during profile updates, enabling remote authenticated users to change e-mails for arbitrary accounts via a modified membercookie parameter (a different vector than CVE-2006-4078). This can be leveraged ...
CVE-2006-5154
DeluxeBB 1.09 and earlier are affected by a PHP remote file inclusion in cp/sig.php. The vulnerability allows an attacker to execute arbitrary PHP code by supplying a malicious URL in the templatefolder parameter, enabling remote code execution. Affected component: cp/sig.php; root cause: unsafe ...