am4ss contains a flaw that is triggered when the program fails to properly sanitize input passed via the core.assign_by_ref.php script. This may allow a remote attacker to create an administrative account.
Remote / Network Access
Loss of Integrity
OSVDB is not aware of a solution for this vulnerability.