PT-2007-3246 · Sonicbb · Sonicbb

Jesper Jurcenoks · Published 2007-05-14 · Updated 2018-10-16 · CVE-2007-1901

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SonicBB version 1.0
Description: The issue allows remote attackers to obtain sensitive information. This is achieved via the by[] parameter to "search.php", the p[] parameter to "viewforum.php", and the id parameter to either "viewforum.php" or "members.php". The installation path is revealed in the resulting error message.
Recommendations: For SonicBB version 1.0, as a temporary workaround, consider restricting access to the "search.php", "viewforum.php", and "members.php" scripts until a patch is available. Avoid using the by[] and p[] parameters in the affected scripts, and restrict the use of the id parameter in "viewforum.php" and "members.php" to minimize the risk of exploitation.
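To find out whether the parameters named above are already being sent to a SonicBB installation, the web server access log can be reviewed. The script below is an added example, not part of the original advisory; it assumes a combined-format access log, uses constructed sample lines, and treats any id that is not a plain decimal integer as worth reviewing, which is an assumption and not something the advisory states.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters the advisory names for it.
WATCHED = {
    "search.php": {"by[]"},
    "viewforum.php": {"p[]", "id"},
    "members.php": {"id"},
}
# Assumption: Apache/nginx combined log format, request field "METHOD URI PROTO".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(uri):
    """Return the watched parameters in `uri` that arrive in an unexpected shape."""
    parts = urlsplit(uri)
    watched = WATCHED.get(parts.path.rsplit("/", 1)[-1], set())
    hits = set()
    # parse_qsl percent-decodes, so by%5B%5D and by[] are treated alike.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        base = re.sub(r"\[[^\]]*\]", "[]", name)  # by[0] -> by[]
        if base.endswith("[]") and base in watched:
            hits.add(base)  # array form named in the advisory
        elif "id" in watched and base in ("id", "id[]"):
            # Assumption: a legitimate id is a plain decimal integer.
            if base == "id[]" or not re.fullmatch(r"[0-9]+", value):
                hits.add("id")
    return sorted(hits)

def scan(log_lines):
    """Return (line_number, parameters) for each request worth reviewing."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2007:10:00:01 +0000] "GET /forum/viewforum.php?id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/May/2007:10:00:05 +0000] "GET /forum/search.php?by%5B%5D=x HTTP/1.1" 200 312',
    '198.51.100.7 - - [14/May/2007:10:00:06 +0000] "GET /forum/viewforum.php?id=3&p[]=1 HTTP/1.1" 200 298',
    '198.51.100.7 - - [14/May/2007:10:00:07 +0000] "GET /forum/members.php?id=x HTTP/1.1" 200 301',
    '192.0.2.10 - - [14/May/2007:10:00:09 +0000] "GET /forum/index.php?p[]=1 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: review parameters {hits}")
```

The same matching rules can back a temporary request filter in front of the three scripts while no patch is available.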


Related identifiers

CVE-2007-1901

Affected products

Sonicbb