CVE-2004-1581

Name of the Vulnerable Software and Affected Versions BlackBoard version 1.5.1

Description The issue allows remote attackers to gain sensitive information via a direct request to API endpoints such as "checkdb.inc.php", "admin.inc.php", or "cp.inc.php". This is possible because these endpoints reveal the path in a PHP error message.

Recommendations For BlackBoard version 1.5.1, consider restricting access to the "checkdb.inc.php", "admin.inc.php", and "cp.inc.php" endpoints to minimize the risk of exploitation. As a temporary workaround, disable error message displays for these endpoints until a patch is available.