VYPR
Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026

CVE-2005-4688

CVE-2005-4688

Description

PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.

Affected products

2
  • Punbb/Punbb2 versions
    cpe:2.3:a:punbb:punbb:1.2.9:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:punbb:punbb:1.2.9:*:*:*:*:*:*:*
    • (no CPE)range: <=1.2.9

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.