CVE-2003-1486

Name of the Vulnerable Software and Affected Versions Phorum versions 3.4 through 3.4.2

Description The issue allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to various API endpoints, including "smileys.php", "quick listrss.php", "purge.php", "news.php", "memberlist.php", "forum listrss.php", "forum list rdf.php", "forum list.php", or "move.php". This occurs because these endpoints leak the information in an error message.

Recommendations For Phorum versions 3.4 through 3.4.2, consider restricting access to the mentioned API endpoints until a patch is available. As a temporary workaround, disabling the execution of these scripts can help minimize the risk of exploitation.