header-logo
Suggest Exploit
vendor:
php-board
by:
SecurityFocus
4.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: php-board
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

php-board User Information Disclosure Vulnerability

php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords.

Mitigation:

Restrict access to the user files by implementing proper authentication and authorization.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6862/info

php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords.

http://www.example.com/user/[NICKNAME].txt

Navigation

Suggest Exploit

Services By CQR