PT-2006-3189 · Openbb · Openbb
Devil-00
·
Publicado
2006-05-05
·
Atualizado
2018-10-18
·
CVE-2006-2216
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Open Bulletin Board (OpenBB) version 1.0.8
Description
The issue allows remote attackers to obtain the full path of the web server. This can be achieved by providing an invalid
pforums parameter to API endpoints such as "misc.php" and "member.php".Recommendations
For OpenBB version 1.0.8, consider restricting access to the "misc.php" and "member.php" endpoints until a patch is available. As a temporary workaround, avoid using the invalid
pforums parameter in these endpoints to minimize the risk of exploitation.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openbb