CVE-2007-6395

Name of the Vulnerable Software and Affected Versions Flat PHP Board versions 1.2 and earlier

Description The issue allows remote attackers to obtain credentials via a direct request for the username php file for any user account in the users/ directory, due to insufficient access control of sensitive information stored under the web root.

Recommendations For Flat PHP Board versions 1.2 and earlier, consider restricting access to the users/ directory to minimize the risk of exploitation. As a temporary workaround, restrict direct requests for php files in the users/ directory until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.