PT-2004-1809 · Phpbb · Phpbb

Janek Vind +1 · Published 2004-07-23 · Updated 2017-07-11 · CVE-2004-0729

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

phpBB version 2.0.8

Description

The issue allows remote attackers to gain sensitive information. This is achieved by providing an invalid parameter to certain API endpoints, which then reveal the full path in an error message. Specifically, this can be done through the category rows parameter to "index.php", the faq parameter to "faq.php", or the ranksrow parameter to "profile.php".

Recommendations

For phpBB version 2.0.8, consider restricting access to the vulnerable API endpoints "index.php", "faq.php", and "profile.php" until a fix is available. As a temporary workaround, avoid using the category rows, faq, and ranksrow parameters in these endpoints to minimize the risk of exploitation.
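
To verify on your own installation that no response still exposes the full path, a response-body check can flag PHP error messages that carry an absolute file path. This is an added example, not part of the original advisory or of phpBB; it assumes PHP's standard error line format, and the function names, sample bodies, paths and line numbers are constructed for illustration.

```python
import re
from html import unescape

# Standard PHP error line (HTML tags appear when html_errors is on):
#   <b>Warning</b>:  message in <b>/abs/path/file.php</b> on line <b>N</b>
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error):\s+(?P<msg>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)\S+?\.php)\s+on line\s+(?P<line>\d+)"
)


def find_path_disclosures(body):
    """Return every PHP error in a response body that exposes an absolute path."""
    text = unescape(_TAGS.sub("", body))  # strip markup, decode entities
    return [
        {"level": m["level"], "path": m["path"], "line": int(m["line"])}
        for m in _PHP_ERROR.finditer(text)
    ]


def audit(responses):
    """Map script name -> findings, keeping only scripts whose response leaks a path."""
    report = {}
    for script, body in responses.items():
        findings = find_path_disclosures(body)
        if findings:
            report[script] = findings
    return report


# Constructed response bodies for the three scripts named in the advisory.
# Paths, messages and line numbers are invented sample data.
SAMPLE_RESPONSES = {
    "index.php": "<html><b>Warning</b>:  Cannot use a scalar value as an array in "
                 "<b>/var/www/example-forum/index.php</b> on line <b>311</b><br /></html>",
    "faq.php": "<html><body>Frequently Asked Questions</body></html>",
    "profile.php": "Fatal error: Unsupported operand types in "
                   "C:\\inetpub\\example-forum\\profile.php on line 95",
}

if __name__ == "__main__":
    for script, findings in audit(SAMPLE_RESPONSES).items():
        for f in findings:
            print(f"{script}: {f['level']} discloses {f['path']} (line {f['line']})")
```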

Related Identifiers

CVE-2004-0729

Affected Products

Phpbb