Security vulnerability found in UseBB

Submitted by Anonymous on Fri, 04/01/2005 - 15:09
Written by
Dietrich

A security vulnerability has been found in all versions of UseBB between 0.2 and 0.5-CVS. This includes the latest stable release 0.4.1.

The bug makes it possible to obtain posts from topics in hidden forums by changing the quotepost variable in the URL while replying to a topic. If you don't have any private (hidden) forums, your board is not affected by this bug. If it is, please apply the patch. Because this bug will probably affect only a very limited number of forums, we are not releasing a patched version of UseBB. This bug will however of course be fixed in UseBB 0.5.

post_reply.php-vulnerability-20050401.readme
post_reply.php-vulnerability-20050401.patch