CVE-2003-1162
published 2003-12-31
Priority P4 · 25 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.87% (85.0th percentile)
index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
| tritanium_scripts | tritanium_bulletin_board | — | — |
No detection rules found.
Exploit-DB
XOOPS Module horoscope 2.0 - Remote File Inclusion
exploitdb·2007-06-12
CVE-2007-3236 XOOPS Module horoscope 2.0 - Remote File Inclusion
---
BeyazKurt - [email protected]
XOOPS Modules Horoscope
http://www.xoops.org/modules/repository/visit.php?cid=32&lid=1162
modules/horoscope/footer.php?xoopsConfig[root_path]=
{NetLife Since : '2003-4'}
Retired hacker BeyazKurt - I have quit the net! My return will be spectacular ;(
# milw0rm.com [2007-06-12]
Exploit-DB
Tritanium Scripts Tritanium Bulletin Board 1.2.3 - Unauthorized Access
exploitdb·2003-10-31
CVE-2003-1162 Tritanium Scripts Tritanium Bulletin Board 1.2.3 - Unauthorized Access
---
source: https://www.securityfocus.com/bid/8944/info
It has been reported that Tritanium Bulletin Board may be prone to an access validation error that may allow a remote attacker to gain unauthorized access to threads. A remote attacker may be able to access sensitive data by modifying the URL and supplying values for the thread_id, forum_id, and sid parameters.
Successful exploitation of this issue may allow an attacker to gain access to sensitive information that could be used to launch further attacks against a system.
Tritanium Bulletin Board version 1.2.3 has been reported to be prone to this issue; however, other versions may be affected as well.
http://www.example.com/[path]/index.php?faction=reply&threa
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2003-10/0348.html
http://secunia.com/advisories/10135
http://www.osvdb.org/2770
http://www.securityfocus.com/bid/8944
https://exchange.xforce.ibmcloud.com/vulnerabilities/13587
Published: 2003-12-31