|
COMMAND Allair forums allows impersonation of other users SYSTEMS AFFECTED All ? PROBLEM \"Kernel jeian\" and \"Executive Officer\" posted [http://www.exploitresearch.net] : Allaire forums use a HIDDEN tag to determine the name and e-mail address of the author. By saving the file to disk and editing the HIDDEN fields before posting, it is possible to impersonate another user. SOLUTION The product is discontinued ??