[原文]Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.
Web Wiz Forums pop_up_topic_admin.asp Unauthenticated Title Modification
Remote / Network Access
Loss of Integrity
Web Wiz Forum contains a flaw that may allow a remote attacker to manipulate the topic status. The issue is triggered due to a logical error in "pop_up_topic_admin.asp" input validation. It is possible that the flaw may allow a remote attacker to manipulate the topic status without authentification, resulting in a loss of integrity.
Upgrade to version 7.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.