viewforum.php in Ultimate PHP Board (UPB) 1.8 up to and including 1.9.6 allows remote malicious users to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimate php board ultimate php board 1.8.2 |
||
ultimate php board ultimate php board 1.9 |
||
ultimate php board ultimate php board 1.8 |
||
ultimate php board ultimate php board 1.9.6 |