NI3
11-05-2003, 11:25 AM
TITLE:
Web Wiz Forums Unauthorised Message Access Vulnerability
SECUNIA ADVISORY ID:
SA10137
VERIFY ADVISORY:
[Only registered and activated users can see links]
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Web Wiz Forums 7.x
Web Wiz Forums 6.x
DESCRIPTION:
A vulnerability has been identified in Web Wiz Forums, which can be
exploited by malicious people to view any message.
The problem is that access restrictions aren't properly enforced when
replying and quoting a message. This effectively allows anyone to
read any message.
The vulnerability affects the following versions: 6.34, 7.01, and
7.5.
SOLUTION:
Update to version 7.51:
[Only registered and activated users can see links]
REPORTED BY / CREDITS:
Alexander Antipov
----------------------------------------------------------------------
Web Wiz Forums Unauthorised Message Access Vulnerability
SECUNIA ADVISORY ID:
SA10137
VERIFY ADVISORY:
[Only registered and activated users can see links]
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
Web Wiz Forums 7.x
Web Wiz Forums 6.x
DESCRIPTION:
A vulnerability has been identified in Web Wiz Forums, which can be
exploited by malicious people to view any message.
The problem is that access restrictions aren't properly enforced when
replying and quoting a message. This effectively allows anyone to
read any message.
The vulnerability affects the following versions: 6.34, 7.01, and
7.5.
SOLUTION:
Update to version 7.51:
[Only registered and activated users can see links]
REPORTED BY / CREDITS:
Alexander Antipov
----------------------------------------------------------------------