Title: Personal Sticky Threads vBulletin Addon Unauthorized Access Vulnerability
Severity: MODERATE
Description:
Personal Sticky Threads is an addon for vBulletin bulletin-board software.
The application is prone to an unauthorized-access vulnerability because it fails to adequately limit access to certain threads. Specifically, an attacker can view the title, author, and pages of a thread they do not have access to by toggling 'personal stickies' for the thread on.
The attacker can exploit this vulnerability to obtain potentially sensitive information that may aid in further attacks.
Personal Sticky Threads 1.0.3c is vulnerable; other versions may also be affected.
Affected Products:
- Personal Sticky Threads Personal Sticky Threads 1.0.3c
References:
- Personal Sticky Threads: Personal Sticky Threads Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
