• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FUDForum Tree View Access Validation Vulnerability

FUDforum is prone to an access-validation vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to private forums.

An attacker can exploit this vulnerability to obtain posts from private forums. This may result in a loss of confidentiality. Information obtained may also be used in further attacks.

This issue is reported to affect FUDforum version 2.6.15; earlier versions may also be vulnerable.

Note that this issue may be triggered only if the 'Tree View' feature is enabled.