Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.

Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.