Quicksilver Forums Information Disclosure Vulnerability and PM Deletion Vulnerability

Bugtraq ID:	25887
Class:	Unknown
CVE:	CVE-2007-5172 CVE-2007-5171
Remote:	Yes
Local:	No
Published:	Oct 01 2007 12:00AM
Updated:	Jul 06 2016 02:17PM
Credit:	The vendor reported these issues.
Vulnerable:	Quicksilver Forums Development Team Quicksilver Forums 1.4
Not Vulnerable:	Quicksilver Forums Development Team Quicksilver Forums 1.4.1

Quicksilver Forums Information Disclosure Vulnerability and PM Deletion Vulnerability

Quicksilver Forums is prone to two vulnerabilities:

- An information-disclosure issue
- An issue that permits unauthorized users to delete PMs.

An attacker can exploit these issues to obtain sensitive information and to remove other users' PMs. These issues may lead to further attacks.

Versions prior to Quicksilver 1.4.1 are affected.

Quicksilver Forums Information Disclosure Vulnerability and PM Deletion Vulnerability

An attacker may use a browser to exploit these issues.

Quicksilver Forums Information Disclosure Vulnerability and PM Deletion Vulnerability

Solution:
The vendor released an update to address these issues. Please see the references for more information.


Quicksilver Forums Quicksilver Forums 1.4

• Quicksilver Forums Development Team quicksilverforums-1.4.1.tar.gz
  http://prdownloads.sourceforge.net/qsforums/quicksilverforums-1.4.1.ta r.gz?download

Quicksilver Forums Information Disclosure Vulnerability and PM Deletion Vulnerability

References:

• QuickSilver Forums Homepage (Quicksilver Forums Development Team)