2 matches found
CVE-2007-6399
CVE-2007-6399 affects Flat PHP Board 1.2 and earlier. The vulnerability allows remote authenticated users to obtain the current user’s password by reading the password parameter value in the HTML source of the page generated by a profile action. The underlying cause is exposure of the password pa...
CVE-2007-6396
CVE-2007-6396 is a direct static code injection vulnerability in index.php of Flat PHP Board 1.2 and earlier. It allows remote attackers to inject arbitrary PHP code through the (1) username, (2) password, and (3) email parameters when registering a user account, with code execution possible via ...