### [CVE-2008-1971](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1971)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.

### POC

#### Reference
- https://www.exploit-db.com/exploits/5467

#### Github
No PoCs found on GitHub currently.