Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ultimate PHP Board可注册第二个'admin'用户漏洞
Vulnerability Description
Ultimate PHP Board是一款开放源代码由PHP编写的WEB论坛程序。 Ultimate PHP Board允许存在两个'admin'帐户,远程攻击者可以利用这个漏洞可以冒充admin用户发言。 Ultimate PHP Board允许存在两个不同访问级别的'admin'帐户,在安装阶段可以注册一个'admin'帐户,它的权限为管理员级别,而安装完后,可以通过register.php又可以注册一个名为'admin'的帐户,而upb不会产生任何错误,但是这个'admin'却只有'member'组
CVSS Information
N/A
Vulnerability Type
N/A