header-logo
Suggest Exploit
vendor:
OpenBB
by:
5.5
CVSS
MEDIUM
Private Message Disclosure
CWE
Product Name: OpenBB
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

OpenBB Private Message Disclosure Vulnerability

OpenBB is affected by a private message disclosure vulnerability due to a design error that fails to validate user credentials. This vulnerability allows an attacker to read arbitrary private messages posted to the bulletin board, compromising confidentiality.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper user credential validation and access controls in OpenBB.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10217/info

It has been reported that OpenBB is affected by a private message disclosure vulnerability. This issue is due to a design error that fails to validate user credentials.

This issue might allow an attacker to read arbitrary private messages posted to the bulletin board; limiting confidentiality.

http:/www.example.com/forum/myhome.php?action=readmsg&id=[message_id]&box=inbox

Navigation

Suggest Exploit

Services By CQR