2006-05-27 21:00:00
mitre
PUBLISHED
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.