PT-2012-5160 · Pbboard · Pbboard
Published
2012-08-12
·
Updated
2024-02-14
·
CVE-2012-4035
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PBBoard version 2.1.4
Description
The issue allows remote attackers to change the password of arbitrary user accounts. This is achieved by exploiting the
new password page, specifically through the member id and new password parameters to the "index.php" endpoint.Recommendations
For PBBoard version 2.1.4, consider restricting access to the
new password page until a fix is available, and avoid using the member id and new password parameters in the "index.php" endpoint to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pbboard