CVE-2005-2005

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board (UPB) versions 1.9.6 GOLD and earlier

Description The issue allows remote attackers to obtain sensitive information on registered users due to insufficient access control of the users.dat file, which is stored under the web document root. This can be achieved via a direct request to 'db/users.dat'.

Recommendations For Ultimate PHP Board (UPB) versions 1.9.6 GOLD and earlier, consider restricting access to the 'db/users.dat' file to prevent unauthorized access until a proper fix is applied. As a temporary workaround, moving the users.dat file outside of the web document root or implementing proper access controls can help mitigate the risk.