CVE-2008-0391 Information

Description

inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication which allows remote attackers to add an arbitrary user account via a modified lilil parameter in conjunction with the ubild and pa parameters.

Reference

http://www.securityfocus.com/bid/27315 https://www.exploit-db.com/exploits/4922