management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter.Referenceshttp://sourceforge.net/project/shownotes.php?release_id=338551http://secunia.com/advisories/15857http://www.securityfocus.com/bid/14244
