Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Snitz_forums_2000 | Snitz_communications | 3.4.03 (including) | 3.4.03 (including) |