CVE-2010-3713

rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
usebbusebb
𝑥
≤ 1.0.10
usebbusebb
0.1
usebbusebb
0.1.1
usebbusebb
0.2
usebbusebb
0.2.1
usebbusebb
0.2.2
usebbusebb
0.2.3
usebbusebb
0.2.3:a
usebbusebb
0.3
usebbusebb
0.3.1
usebbusebb
0.3.2
usebbusebb
0.4
usebbusebb
0.4.1
usebbusebb
0.5
usebbusebb
0.5.1
usebbusebb
0.5.1:a
usebbusebb
0.6
usebbusebb
0.6:a
usebbusebb
0.7:beta1
usebbusebb
0.7:beta2
usebbusebb
1.0
usebbusebb
1.0:rc1
usebbusebb
1.0:rc2
usebbusebb
1.0:rc3
usebbusebb
1.0.1
usebbusebb
1.0.2
usebbusebb
1.0.3
usebbusebb
1.0.4
usebbusebb
1.0.5
usebbusebb
1.0.6
usebbusebb
1.0.7
usebbusebb
1.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2010/10/08/5
http://www.openwall.com/lists/oss-security/2010/10/11/5
http://www.usebb.net/community/topic-2495.html
http://www.usebb.net/community/topic.php?id=2501
http://www.openwall.com/lists/oss-security/2010/10/08/5
http://www.openwall.com/lists/oss-security/2010/10/11/5
http://www.usebb.net/community/topic-2495.html
http://www.usebb.net/community/topic.php?id=2501