CVE-2008-6717 Information

Description

U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php (2) admineventtype.php (3) admineventdetails.php (4) admineventlist.php (5) adminuserslist.php (6) adminleaderslist.php (7) admindatabase.php and possibly (8) index.php.

Reference

http://signup.uochm.com/features.php http://www.securityfocus.com/bid/32166 https://www.exploit-db.com/exploits/7032