CVE-2006-1345

Name of the Vulnerable Software and Affected Versions MyBB versions 1.10

Description The issue allows remote attackers to obtain sensitive information. This is achieved by sending a vote action with an option[] parameter value set to null, which results in an error message that reveals the path.

Recommendations For MyBB version 1.10, as a temporary workaround, consider restricting access to the polls.php file until a patch is available. Avoid using the option[] parameter in the affected endpoint until the issue is resolved.