2007-05-24 19:00:00
mitre
PUBLISHED
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.