Vulnerabilities

CVE-2005-4358

by Fred · 19/12/2005

admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.

Date published : 2005-12-19

http://www.securityfocus.com/archive/1/420537/100/0/threaded

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=352966

Similar

Tags: Cybersecurity Alert