MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the start new topic HTML page.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Maxwebportal | Maxwebportal | 1.30 (including) | 1.30 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html
- http://secunia.com/advisories/8979
- http://www.osvdb.org/4933
- http://www.securityfocus.com/bid/7837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12278
- http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html
- http://secunia.com/advisories/8979
- http://www.osvdb.org/4933
- http://www.securityfocus.com/bid/7837
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12278