2006-02-01 02:00:00
mitre
PUBLISHED
PunBB 1.2.9 does not require password entry when changing the e-mail address in an accounts profile, which might allow an attacker to make an address change via a hijacked login session.