CVE-2003-1401

php-Board 1.0 - Unauthenticated Sensitive Information Exposure via Plaintext Password Storage

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1401. PoCs published by frog.

AI-analyzed exploit summary This exploit describes an information disclosure vulnerability in php-board where user data, including passwords, is stored in flat files accessible via direct URL requests. The PoC demonstrates how an attacker can retrieve sensitive user information by accessing a predictable file path.

Description

login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.

Exploits (1)

exploitdb WRITEUP VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/22252

This exploit describes an information disclosure vulnerability in php-board where user data, including passwords, is stored in flat files accessible via direct URL requests. The PoC demonstrates how an attacker can retrieve sensitive user information by accessing a predictable file path.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: php-board (version not specified)
No auth needed
Prerequisites: Knowledge of the target's php-board installation path · Knowledge of a valid username
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0069.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6862
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11338

Scores

EPSS 0.0176
EPSS Percentile 75.0%

Details

CWE
CWE-255
Status published
Products (1)
php_board/php_board 1.0
Published Dec 31, 2003
Tracked Since Feb 18, 2026