PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| php-post | php-post_web_forum | 0.1 |
| php-post | php-post_web_forum | 0.3 |
| php-post | php-post_web_forum | 0.2 |
| php-post | php-post_web_forum | 0.21 |
| php-post | php-post_web_forum | 0.22 |
| php-post | php-post_web_forum | 0.32 |
Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| php-post | php-post_web_forum | 0.1 |
| php-post | php-post_web_forum | 0.3 |
| php-post | php-post_web_forum | 0.2 |
| php-post | php-post_web_forum | 0.21 |
| php-post | php-post_web_forum | 0.22 |
| php-post | php-post_web_forum | 0.32 |
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| php-post | php-post | 1.0 |
| php-post | php-post | 0.21 |