CVE-2007-6399

2007-12-1718:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.

References

osvdb.org/44118

www.securityfocus.com/archive/1/484803/100/100/threaded

www.securityfocus.com/bid/26782

www.exploit-db.com/exploits/4705