• info
• discussion
• exploit
• solution
• references

OpenBB Private Message Disclosure Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http:/www.example.com/forum/myhome.php?action=readmsg&id=[message_id]&box=inbox