4.3

CVE-2010-3713

rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UsebbUsebb Version <= 1.0.10
UsebbUsebb Version0.1
UsebbUsebb Version0.1.1
UsebbUsebb Version0.2
UsebbUsebb Version0.2.1
UsebbUsebb Version0.2.2
UsebbUsebb Version0.2.3
UsebbUsebb Version0.2.3 Updatea
UsebbUsebb Version0.3
UsebbUsebb Version0.3.1
UsebbUsebb Version0.3.2
UsebbUsebb Version0.4
UsebbUsebb Version0.4.1
UsebbUsebb Version0.5
UsebbUsebb Version0.5.1
UsebbUsebb Version0.5.1 Updatea
UsebbUsebb Version0.6
UsebbUsebb Version0.6 Updatea
UsebbUsebb Version0.7 Updatebeta1
UsebbUsebb Version0.7 Updatebeta2
UsebbUsebb Version1.0
UsebbUsebb Version1.0 Updaterc1
UsebbUsebb Version1.0 Updaterc2
UsebbUsebb Version1.0 Updaterc3
UsebbUsebb Version1.0.1
UsebbUsebb Version1.0.2
UsebbUsebb Version1.0.3
UsebbUsebb Version1.0.4
UsebbUsebb Version1.0.5
UsebbUsebb Version1.0.6
UsebbUsebb Version1.0.7
UsebbUsebb Version1.0.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.19% 0.638
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.openwall.com/lists/oss-security/2010/10/08/5
http://www.openwall.com/lists/oss-security/2010/10/11/5
http://www.usebb.net/community/topic-2495.html
Patch
http://www.usebb.net/community/topic.php?id=2501