CVE-2007-6399 - index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password

CVE-2007-6399

Summary

index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.

References

http://osvdb.org/44118
http://www.securityfocus.com/archive/1/484803/100/100/threaded
http://www.securityfocus.com/bid/26782
https://www.exploit-db.com/exploits/4705

Vulnerable Configurations

cpe:2.3:a:myupb:flat_php_board:*:*:*:*:*:*:*:*
cpe:2.3:a:myupb:flat_php_board:*:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 15-10-2018 - 21:52)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	26782
bugtraq	20071209 Flat PHP Board <= 1.2 Multiple Vulnerabilities
exploit-db	4705
osvdb	44118

Last major update

15-10-2018 - 21:52

Published

17-12-2007 - 18:46

Last modified

15-10-2018 - 21:52