The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter.
Software | From | Fixed in |
---|---|---|
openbb / openbb | 1.0_.0_beta1 | 1.0_.0_beta1.x |
openbb / openbb | 1.0_.0_rc1 | 1.0_.0_rc1.x |
openbb / openbb | 1.0_.0_rc2 | 1.0_.0_rc2.x |
openbb / openbb | 1.0_.0_rc3 | 1.0_.0_rc3.x |
openbb / openbb | 1.0_.5 | 1.0_.5.x |
openbb / openbb | 1.0_.6 | 1.0_.6.x |