## https://sploitus.com/exploit?id=PACKETSTORM:155228
From https://j.ludost.net/blog/archives/2019/11/11/minor_security_issue_in_punbb_with_sqlite/index.html  
  
Minor security issue in punbb with SQLite  
  
Georgi Guninski security advisory #76, 2019  
  
Running punbb-master from https://github.com/punbb/punbb  
from Thu 07 Nov 2019 11:23:33 AM UTC  
  
Installing on http://host/forum  
In install.php set:  
  
database type: SQLite3  
database name: database1  
  
Accessing http://host/forum/database1 returns the full raw database,  
including hashes and email addresses.  
  
If an attacker guesses the name "database1" or brute-forces it from common  
database names, this gives her read access to the raw database.  
  
If you consider this a bug, as a workaround set the database name to something  
hard to guess.  
  
Other forum software explicitly wants the SQLite database to  
be non-accessible from the web.  
  
--   
CV: https://j.ludost.net/resumegg.pdf  
site: http://www.guninski.com  
blog: https://j.ludost.net/blog