CVE-2006-4078 Information
Feb 14, 2021
cve
Description
pm.php (aka the PM system) in DeluxeBB 1.08 and possibly earlier allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
Reference
http://secunia.com/advisories/21387 http://securityreason.com/securityalert/1381 http://www.osvdb.org/27834 http://www.securityfocus.com/archive/1/442464/100/0/threaded http://www.securityfocus.com/bid/19418 http://www.vupen.com/english/advisories/2006/3188 https://exchange.xforce.ibmcloud.com/vulnerabilities/28270
Share on: