{"edition": 1, "title": "phpwsContacts Anonymous CSV Export information disclosure", "bulletinFamily": "software", "published": "2004-04-22T09:05:26", "lastseen": "2017-04-28T13:20:00", "modified": "2004-04-22T09:05:26", "reporter": "Paul the lost boyscout(lostboyscout@users.sourceforge.net)", "viewCount": 3, "href": "https://vulners.com/osvdb/OSVDB:5677", "description": "## Vulnerability Description\nphpwsContacts contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the allow_anon_view setting is disabled, anonymous users can still perform exports, which will disclose user contact information resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to phpwsContacts version 0.8.3 and phpwsBB 0.9.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nphpwsContacts contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the allow_anon_view setting is disabled, anonymous users can still perform exports, which will disclose user contact information resulting in a loss of confidentiality.\n## References:\nVendor URL: http://phpwscontacts.sourceforge.net/\n[Vendor Specific Advisory URL](http://sourceforge.net/tracker/index.php?func=detail&aid=940306&group_id=83662&atid=570207)\n[Secunia Advisory ID:11480](https://secuniaresearch.flexerasoftware.com/advisories/11480/)\n[Related OSVDB ID: 5678](https://vulners.com/osvdb/OSVDB:5678)\n", "affectedSoftware": [{"name": "phpwsContacts", "version": "0.8.2", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2017-04-28T13:20:00", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:00", "rev": 2}, "vulnersScore": 0.1}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:5677"}

{}