PHP-Board User Password Disclosure Vulnerability

info
discussion
exploit
solution
references

PHP-Board User Password Disclosure Vulnerability

php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords.