The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openbb | Openbb | 1.0_.0_rc2 | 1.0_.0_rc2 |
Openbb | Openbb | 1.0_.0_rc3 | 1.0_.0_rc3 |
Openbb | Openbb | 1.0_.6 | 1.0_.6 |
Openbb | Openbb | 1.0_.5 | 1.0_.5 |
Openbb | Openbb | 1.0_.0_beta1 | 1.0_.0_beta1 |
Openbb | Openbb | 1.0_.0_rc1 | 1.0_.0_rc1 |