Description

MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.

Remediation

References

CVE-2007-0689

Related Vulnerabilities

WordPress Plugin Wechat Broadcast Local/Remote File Inclusion (1.2.0)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5492)

WordPress Plugin moreAds SE Cross-Site Scripting (1.4.6)

Jenkins Session Fixation Vulnerability (CVE-2018-1000409)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-0580)

Severity

Medium

Classification

CVE-2007-0689

Tags

Missing Update Known Vulnerabilities