PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an malicious user to make an address change via a hijacked login session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
punbb punbb 1.2.9 |