Description
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Pricing Table by Supsystic Multiple Vulnerabilities (1.8.7)
WordPress Plugin Contact Form 7 Integrations Multiple Cross-Site Scripting Vulnerabilities (1.3.10)
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2065)
WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9)