Aztek Forum 4.0 allows remote malicious users to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
aztek forum aztek forum 4.0 |