CVE-2009-3756

Name of the Vulnerable Software and Affected Versions phpBMS version 0.96

Description The issue allows remote attackers to obtain sensitive information via direct requests to specific files, including footer.php, header.php, the show action in advancedsearch.php, and choicelist.php. These requests can reveal the installation path in an error message.

Recommendations For phpBMS version 0.96, consider restricting access to the files footer.php, header.php, advancedsearch.php, and choicelist.php to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed in error messages to prevent revealing sensitive details about the installation path.