PT-2006-6750 · Unknown · Monkey Boards

Jesper Jurcenoks · Published 2006-11-28 · Updated 2018-10-17 · CVE-2006-6113

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Monkey Boards version 0.3.5

Description

The issue allows remote attackers to obtain sensitive information via direct requests to API endpoints such as "include/admin auth.inc.php" and "include/engine/class.compiler.php". This occurs because these endpoints reveal the full path in an error message. It is noted that this issue only constitutes an exposure if the administrator has changed the default script path.

Recommendations

For Monkey Boards version 0.3.5, consider restricting access to the "include/admin auth.inc.php" and "include/engine/class.compiler.php" endpoints to minimize the risk of exploitation. Additionally, administrators should review their script path configurations to ensure they are using the default settings, thereby reducing the exposure risk.


Related identifiers

CVE-2006-6113

Affected products

Monkey Boards