CVE-2008-1971 Information

Description

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php or (2) in 1.4 and earlier the ssbadmin cookie to shoutadmin.php.

Reference

http://secunia.com/advisories/29892 http://www.securityfocus.com/bid/28856 https://exchange.xforce.ibmcloud.com/vulnerabilities/41901 https://www.exploit-db.com/exploits/5467