PT-2006-1219 · Pd9 · Megabbs

Published: 2006-01-09 · Updated: 2017-07-20 · CVE-2006-0139

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PD9 Software MegaBBS version 2.1

Description

The issue concerns the send-private-message functionality, specifically the "send-private-message.asp" endpoint, which allows remote attackers to read private messages of other users. This is achieved by modifying the replyid parameter.

Recommendations

For PD9 Software MegaBBS version 2.1, consider restricting access to the "send-private-message.asp" endpoint until a patch is available. As a temporary workaround, avoid using the modified replyid parameter in the send-private-message functionality to minimize the risk of exploitation.

Related Identifiers

CVE-2006-0139

Affected Products

Megabbs