Vulnerability Description
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Allaire | Forums | 2.0.4 |
References
- http://online.securityfocus.com/archive/1/249026Vendor Advisory
- http://www.iss.net/security_center/static/7841.phpVendor Advisory
- http://www.kb.cert.org/vuls/id/575619US Government Resource
- http://www.securityfocus.com/bid/3827
- http://online.securityfocus.com/archive/1/249026Vendor Advisory
- http://www.iss.net/security_center/static/7841.phpVendor Advisory
- http://www.kb.cert.org/vuls/id/575619US Government Resource
- http://www.securityfocus.com/bid/3827
FAQ
What is CVE-2002-0108?
CVE-2002-0108 is a vulnerability with a CVSS score of 7.5 (HIGH). Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.
How severe is CVE-2002-0108?
CVE-2002-0108 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0108?
Check the references section above for vendor advisories and patch information. Affected products include: Allaire Forums.