Vulnerability
ultimate PHP Board (UPB) is a complete text-based messageboard. This works without the use of MySQL. The features of UPB are:-
- No SQL database
- With complete administration panel
- Topic bookmarking and watching
- Easy to use
There are many servers having the vulnerable version of Ultimate PHP Board (UPB) that stores users data file under the web root with insufficient access control. This will allows remote attackers to obtain usernames and passwords.
Impact
The impact include:-
- The attacker might get the access to the content.
- Possible loss of sensitive information.
- Possible manipulation of the web application.
- Cross-site scripting attacks (XSS)
Mitigation / Precaution
This vulnerability can be fixed by:-
- Implementing proper input validation methods.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
