FusionBB Category Permission Weakness Invisible Forum Disclosure

2005-06-06T02:31:49
ID OSVDB:17431
Type osvdb
Reporter OSVDB
Modified 2005-06-06T02:31:49

Description

Vulnerability Description

FusionBB contains a flaw that may allow a malicious user to access invisible forums. The issue is due to category permission weakness. An attacker can access the invisible forums by requesting a visible category of invisible fourms, resulting in a loss of confidentiality.

Solution Description

Upgrade to version .12 Beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

FusionBB contains a flaw that may allow a malicious user to access invisible forums. The issue is due to category permission weakness. An attacker can access the invisible forums by requesting a visible category of invisible fourms, resulting in a loss of confidentiality.

References:

Vendor URL: http://www.fusionbb.com/ Vendor Specific News/Changelog Entry: http://www.interactivephp.com/misc/CHANGELOG.html