3 matches found
CVE-2010-3713
rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed...
CVE-2010-3713
rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed...
CVE-2010-3713
CVE-2010-3713 affects UseBB up to version 1.0.10. RSS feeds (rss.php) do not correctly honor read vs. view permissions: a user with view permission but lacking read permission can bypass access restrictions by reading a forum feed together with a topic feed. This exposes restricted forum content ...