PT-2006-1219 · Pd9 · Megabbs

Published: 2006-01-09 · Updated: 2017-07-20 · CVE-2006-0139

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: PD9 Software MegaBBS version 2.1

Description: The send-private-message functionality, specifically the "send-private-message.asp" endpoint, allows remote attackers to read the private messages of other users by modifying the replyid parameter.

Recommendations: For PD9 Software MegaBBS version 2.1, consider restricting access to the "send-private-message.asp" endpoint until a patch is available. As a temporary workaround, avoid using the modified replyid parameter in the send-private-message functionality to minimize the risk of exploitation.


Related identifiers

CVE-2006-0139

Affected products

Megabbs