MaxWebPortal Start New Topic Hidden Form Field Modification
Remote / Network Access
Loss of Integrity
MaxWebPortal contains a flaw that allows a remote attacker to perform limited administrative actions. The issue is due to the software relying on hidden form fields for administrative control over the system. By adding extra form values to any request, an attacker may perform actions such as locking posts, changing web site content, or sending mass messages to every user on the system.
Currently, there are no known workarounds or upgrades to correct this issue. However, MaxWebPortal has released a patch to address this vulnerability.
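The flaw described above comes from acting on whatever fields a request carries. The sketch below is an added example, not MaxWebPortal code or its patch: it decides privilege from the server-side session and drops everything else. The field names, roles and session shape are hypothetical.

```python
# Added example: field names, roles and the session shape are hypothetical,
# not taken from MaxWebPortal.

# Fields any authenticated user may set when starting a topic.
USER_FIELDS = {"subject", "message"}
# Fields that trigger privileged actions; the role each one requires comes
# from this server-side table, never from the request.
PRIVILEGED_FIELDS = {
    "lock_topic": "moderator",
    "sticky": "moderator",
    "mass_message": "admin",
}
ROLE_RANK = {"member": 0, "moderator": 1, "admin": 2}


def filter_new_topic_form(form, session):
    """Return (accepted, rejected) for a submitted new-topic form.

    accepted: fields the server will act on.
    rejected: names of dropped fields, to be logged as possible tampering.
    """
    # A missing or unknown role ranks below every real role.
    rank = ROLE_RANK.get(session.get("role"), -1)
    accepted, rejected = {}, []
    for name, value in form.items():
        if name in USER_FIELDS and rank >= 0:
            accepted[name] = value
        elif (name in PRIVILEGED_FIELDS
              and rank >= ROLE_RANK[PRIVILEGED_FIELDS[name]]):
            accepted[name] = value
        else:
            # Unknown field, or a privileged field from a session that
            # lacks the role for it.
            rejected.append(name)
    return accepted, sorted(rejected)


# Constructed sample: an ordinary member's request carrying extra fields.
SAMPLE_FORM = {"subject": "Hello", "message": "First post",
               "lock_topic": "1", "mass_message": "1", "is_admin": "1"}

if __name__ == "__main__":
    ok, dropped = filter_new_topic_form(SAMPLE_FORM, {"role": "member"})
    print("accepted:", ok)
    print("rejected (log these):", dropped)
```

Logging the rejected names gives a detection signal: a privileged field arriving from a member session is not something the rendered form would produce.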