message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.Referenceshttp://securitytracker.com/id?1006117https://exchange.xforce.ibmcloud.com/vulnerabilities/11359
