Vulnerability Details CVE-2007-1901
SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.1%
CVSS Severity
CVSS v2 Score 4.3
References
- http://marc.info/?l=full-disclosure&m=117914586003786&w=2
- http://osvdb.org/34701
- http://osvdb.org/34702
- http://osvdb.org/34703
- http://secunia.com/advisories/25279
- http://www.netvigilance.com/advisory0018
- http://www.osvdb.org/33906
- http://www.securityfocus.com/archive/1/468535/100/0/threaded
- http://www.vupen.com/english/advisories/2007/1816
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34259
- http://marc.info/?l=full-disclosure&m=117914586003786&w=2
- http://osvdb.org/34701
- http://osvdb.org/34702
- http://osvdb.org/34703
- http://secunia.com/advisories/25279
- http://www.netvigilance.com/advisory0018
- http://www.osvdb.org/33906
- http://www.securityfocus.com/archive/1/468535/100/0/threaded
- http://www.vupen.com/english/advisories/2007/1816
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34259