Required CVE Record Information
Description
miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.
References 4 Total
- exchange.xforce.ibmcloud.com: minibb-bbfuncregusr-info-disclosure(42012) vdb-entry
- exploit-db.com: 5494 exploit
- secunia.com: 29997 third-party-advisory
- http://www.minibb.net/forums/9_5110_0.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- exchange.xforce.ibmcloud.com: minibb-bbfuncregusr-info-disclosure(42012) vdb-entryx_transferred
- exploit-db.com: 5494 exploitx_transferred
- secunia.com: 29997 third-party-advisoryx_transferred
- http://www.minibb.net/forums/9_5110_0.html x_transferred