2006-03-07 00:00:00
mitre
PUBLISHED
JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID.