CVE-2005-2565

Name of the Vulnerable Software and Affected Versions Gravity Board X (GBX) version 1.1

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via several methods, including setting the perm parameter to 1 in the "deletethread.php" page or by making direct requests to various pages such as "ban.php", "addnews.php", "banned.php", "boardstats.php", "adminform.php", "/forms/admininfo.php", "/forms/announcements.php", "forms/banform.php", or other pages within the "/forms" directory. These actions can reveal the path in an error message.

Recommendations For Gravity Board X (GBX) version 1.1, consider restricting access to the sensitive pages and parameters, such as the perm parameter in "deletethread.php", until a proper fix is available. As a temporary workaround, limit access to the "/forms" directory to minimize the risk of exploitation.