Ultimate PHP Board (UPB) 1.9.6 and previous versions uses a cryptographically weak block cipher with a large key collision space, which allows remote malicious users to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimate php board ultimate php board 1.9.6 |
||
ultimate php board ultimate php board 1.8 |
||
ultimate php board ultimate php board 1.8.2 |
||
ultimate php board ultimate php board 1.9 |