Arbitrary Server Variable Modification in XMB Forum 1.9.1

Arbitrary Server Variable Modification in XMB Forum 1.9.1

CVE-2005-2574 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].

Learn more about our Cis Benchmark Audit For Server Software.