OpenBB 1.0.x - Private Message Disclosure
| EKU-ID: 29481 | CVE: CVE-2004-1968;OSVDB-5660 | OSVDB-ID: |
| Author: Manuel Lopez | Published: 2004-04-26 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29481 | CVE: CVE-2004-1968;OSVDB-5660 | OSVDB-ID: |
| Author: Manuel Lopez | Published: 2004-04-26 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/10217/info It has been reported that OpenBB is affected by a private message disclosure vulnerability. This issue is due to a design error that fails to validate user credentials. This issue might allow an attacker to read arbitrary private messages posted to the bulletin board; limiting confidentiality. http:/www.example.com/forum/myhome.php?action=readmsg&id=[message_id]&box=inbox