The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openbb | Openbb | 1.0_.0_beta1 (including) | 1.0_.0_beta1 (including) |
Openbb | Openbb | 1.0_.0_rc1 (including) | 1.0_.0_rc1 (including) |
Openbb | Openbb | 1.0_.0_rc2 (including) | 1.0_.0_rc2 (including) |
Openbb | Openbb | 1.0_.0_rc3 (including) | 1.0_.0_rc3 (including) |
Openbb | Openbb | 1.0_.5 (including) | 1.0_.5 (including) |
Openbb | Openbb | 1.0_.6 (including) | 1.0_.6 (including) |