Information disclosure

bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files...

HTB22904: Path disclosure in bbPress

Vulnerability ID: HTB22904 Reference: http://www.htbridge.ch/advisory/pathdisclosureinbbpress.html Product: bbPress Vendor: http://bbpress.org http://bbpress.org Vulnerable Version: 1.0.3 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech Brid...