Unauthenticated Users Can Disclose Messages in Private Forums via Quote Reply Feature

Unauthenticated Users Can Disclose Messages in Private Forums via Quote Reply Feature

CVE-2022-25091 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.

Learn more about our User Device Pen Test.