Sensitive Information Disclosure in Ultimate PHP Board (UPB) 1.8 through 1.9.6 via Invalid Parameters

Sensitive Information Disclosure in Ultimate PHP Board (UPB) 1.8 through 1.9.6 via Invalid Parameters

CVE-2005-1616 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.

Learn more about our Web Application Penetration Testing UK.