CVE-2000-1228 Information

Description

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets the step, option, confirm and newPssword variables.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html
http://hispahack.ccc.de/mi020.html
http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm
http://www.securityfocus.com/bid/2271
