CVE-2005-2003

Name of the Vulnerable Software and Affected Versions Ultimate PHP Board (UPB) version 1.9.6 GOLD

Description The issue allows remote attackers to obtain sensitive information by providing an invalid id parameter, set to zero, to specific API endpoints, including "viewtopic.php", "profile.php", or "newpost.php". This action reveals the path in an error message.

Recommendations For Ultimate PHP Board (UPB) version 1.9.6 GOLD, consider validating the id parameter to prevent the disclosure of sensitive information. As a temporary workaround, restrict access to the "viewtopic.php", "profile.php", and "newpost.php" endpoints to minimize the risk of exploitation. Avoid using the id parameter with a value of zero in these endpoints until the issue is resolved.