index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tritanium_bulletin_board | Tritanium_scripts | 0.993_beta (including) | 0.993_beta (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 0.994_beta (including) | 0.994_beta (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 0.999_beta (including) | 0.999_beta (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 1.0_beta (including) | 1.0_beta (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 1.1_final (including) | 1.1_final (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 1.2 (including) | 1.2 (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 1.2.1 (including) | 1.2.1 (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 1.2.2 (including) | 1.2.2 (including) |
| Tritanium_bulletin_board | Tritanium_scripts | 1.2.3 (including) | 1.2.3 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2003-10/0348.html
- http://secunia.com/advisories/10135
- http://www.osvdb.org/2770
- http://www.securityfocus.com/bid/8944
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13587
- http://archives.neohapsis.com/archives/bugtraq/2003-10/0348.html
- http://secunia.com/advisories/10135
- http://www.osvdb.org/2770
- http://www.securityfocus.com/bid/8944
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13587