CVE-2002-1820
CRITICALUltimate PHP Board <1.0-1.0b - Privilege Escalation
Title source: llmDescription
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."
References (3)
Core 3
Core References
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/289417
Broken Link, Patch vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9972.php
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5580
Scores
CVSS v3
9.8
EPSS
0.0238
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-178
Status
published
Products (1)
ultimate_php_board_project/ultimate_php_board
1.0 (2 CPE variants)
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026