VULHUB ™

A vulnerability has been reported in phpSquidPass that may allow a user's password and username to be changed unknowingly by another user. The vulnerability occurs because of the improper use of the PHP function, ereg. When a user password is updated, phpSquidPass will update user information for all accounts ending in the supplied username. This may delete account information for other users of the system, resulting in a denial of service condition.

A vulnerability has been reported in phpSquidPass that may allow a user's password and username to be changed unknowingly by another user. The vulnerability occurs because of the improper use of the PHP function, ereg. When a user password is updated, phpSquidPass will update user information for all accounts ending in the supplied username. This may delete account information for other users of the system, resulting in a denial of service condition.