Description
The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Manuel Lopez · textwebappsphp
https://www.exploit-db.com/exploits/24061
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15970
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10217
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108301983206107&w=2
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11481
Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009935
Scores
EPSS
0.0388
EPSS Percentile
88.3%
Details
Status
published
Products (6)
openbb/openbb
1.0_.0_beta1
openbb/openbb
1.0_.0_rc1
openbb/openbb
1.0_.0_rc2
openbb/openbb
1.0_.0_rc3
openbb/openbb
1.0_.5
openbb/openbb
1.0_.6
Published
Apr 26, 2004
Tracked Since
Feb 18, 2026