First published: Sat Dec 31 2005(Updated: )
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Punbb Punbb | =1.2.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.