CVE-2005-4688 Information

Description

PunBB 1.2.9 does not require password entry when changing the e-mail address in an account’s profile which might allow an attacker to make an address change via a hijacked login session.

Reference

http://www.punbb.org/changelogs/1.2.9_to_1.2.10.txt