CVE-2008-2028

Name of the Vulnerable Software and Affected Versions miniBB versions 2.2 and earlier

Description The issue allows remote attackers to obtain the full path of the system via a direct request to the glang parameter in a registernew action to "index.php". This is possible when register globals is enabled, and it leaks the path in an error message.

Recommendations For miniBB versions 2.2 and earlier, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the index.php file, specifically the registernew action, until a patch is available. Avoid using the glang parameter in the affected API endpoint until the issue is resolved.