PT-2007-2143 · Mybb · Mybb

Published: 2007-05-14 · Updated: 2018-10-16 · CVE-2007-0689

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MyBB version 1.2.4

Description

The issue allows remote attackers to obtain sensitive information. This can be achieved via the action[] parameter to "member.php", the imagehash[] parameter to "captcha.php", and a direct request to "inc/datahandlers/event.php". These actions reveal the installation path in the resulting error message.

Recommendations

For MyBB version 1.2.4, consider restricting access to the "member.php" and "captcha.php" scripts, and avoid direct requests to "inc/datahandlers/event.php" until a fix is available. As a temporary workaround, consider modifying the error handling in "inc/datahandlers/event.php" to prevent the disclosure of sensitive information.

Exploit

Fix

Related identifiers

CVE-2007-0689

Affected products

Mybb