PT-2006-1952 · Invision · Invision Power Board
Published: 2006-02-28 · Updated: 2018-10-18 · CVE-2006-0909
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Invision Power Board (IPB) versions 2.1.4 and earlier
Description
The issue allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages. This affects various scripts in different directories, including ips kernel, sources/sql, sources/acp loaders, sources/action admin, sources/action public, sources/classes, sources/components acp, sources/handlers, sources/lib, and sources/loginauth.
Recommendations
For Invision Power Board (IPB) versions 2.1.4 and earlier, consider updating to a version later than 2.1.4 to resolve the issue. If an update is not available, as a temporary workaround, restrict access to the vulnerable PHP scripts to minimize the risk of exploitation.
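To confirm that an upgrade or access restriction took effect, the response bodies of the affected scripts can be checked for PHP error text that carries a full server path. The following is an added example, not code from Invision or from this advisory; the sample bodies, script names and paths are constructed placeholders, and it assumes PHP's default error format.

```python
import html
import re

# Constructed sample response bodies (not captured from a real IPB install).
SAMPLE_DISCLOSING = (
    "<br />\n<b>Fatal error</b>:  Class 'db_main' not found in "
    "<b>/home/example/public_html/forum/placeholder_script.php</b> "
    "on line <b>27</b><br />\n"
)
SAMPLE_WINDOWS = (
    "Warning: main(): Failed opening 'x.php' for inclusion in "
    "C:\\inetpub\\forum\\placeholder_script.php on line 12"
)
SAMPLE_CLEAN = "<html><body>Board index. Errors are logged in the admin panel.</body></html>"

TAG_RE = re.compile(r"<[^>]+>")
# PHP's default error format: "<Level>: <message> in <file> on line <n>".
# Only absolute Unix or drive-letter paths count; paths with spaces are not matched.
PHP_ERROR_RE = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice)\s*:\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)\S+?)\s+on line\s+(?P<line>\d+)",
    re.DOTALL,
)


def find_path_disclosures(body):
    """Return (level, path, line) for every PHP error in body that shows a full path."""
    # PHP wraps errors in <b> tags when html_errors is on, so strip markup first.
    text = html.unescape(TAG_RE.sub("", body))
    return [(m["level"], m["path"], int(m["line"])) for m in PHP_ERROR_RE.finditer(text)]


def audit(responses):
    """Map each checked script (dict key) to the server paths its body discloses."""
    findings = {}
    for name, body in responses.items():
        paths = sorted({path for _, path, _ in find_path_disclosures(body)})
        if paths:
            findings[name] = paths
    return findings


if __name__ == "__main__":
    print(audit({"script_a.php": SAMPLE_DISCLOSING, "script_b.php": SAMPLE_CLEAN}))
```

An empty result from `audit` for the scripts of your own installation means none of the checked responses carried a path in PHP's default error format.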
Fix
Related identifiers
Affected products
Invision Power Board