CVE-2011-3759

Name of the Vulnerable Software and Affected Versions MyBB versions 1.6

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by revealing the installation path in an error message. For example, files such as inc/3rdparty/diff/Diff/ThreeWay.php can be targeted to exploit this issue.

Recommendations For MyBB version 1.6, consider restricting access to sensitive .php files, such as those in the inc/3rdparty/diff/Diff directory, to minimize the risk of exploitation.