2005-05-03 04:00:00
mitre
PUBLISHED
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.