Description
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2630 Vulnerability (CVE-2019-2630)
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-41927)
WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Security Bypass (6.22.5)
PrestaShop Improper Authentication Vulnerability (CVE-2021-21308)
WordPress Plugin Parallax Scroll Cross-Site Scripting (2.0.1)