CVE-2006-1914

Name of the Vulnerable Software and Affected Versions DbbS versions 2.0-alpha and earlier

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via an invalid fcategoryid parameter to the "topics.php" endpoint or through the unavariabile, GLOBALS, or SERVER[] parameters to the "script.php" endpoint. The information leak might be a result of a global variable overwrite issue.

Recommendations For DbbS versions 2.0-alpha and earlier, consider restricting access to the "topics.php" and "script.php" endpoints until a fix is available. As a temporary workaround, avoid using the fcategoryid, unavariabile, GLOBALS, and SERVER[] parameters in the affected endpoints to minimize the risk of exploitation.