CVE-2009-4466

Name of the Vulnerable Software and Affected Versions DeluxeBB version 1.3

Description The issue allows remote attackers to obtain sensitive information by providing a crafted page parameter to the "misc.php" endpoint, which reveals the installation path in an error message. This might be related to improperly controlled computation in "tools.php" that could lead to a denial of service due to CPU or memory consumption.

Recommendations For DeluxeBB version 1.3, as a temporary workaround, consider restricting access to the "misc.php" endpoint until a patch is available. Additionally, review the computation controls in "tools.php" to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.