Vulnerabilities > CVE-2005-1404 - Unspecified vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

myphp-forum

NVD

Published: 2005-05-03

Updated: 2008-09-05

Summary

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.

Vulnerable Configurations

Part	Description	Count
Application	Myphp_Forum Myphp Forum Myphp Forum 1.0 Myphp Forum Myphp Forum 2.0 Myphp Forum Myphp Forum 3.0	3

References

http://secunia.com/advisories/15166
http://www.osvdb.org/15902
http://www.osvdb.org/15903
http://www.securityfocus.com/bid/13429
http://www.securityfocus.com/bid/13430
http://www.securityfocus.org/archive/1/397025