CVE-2007-1901 - Information Disclosure vulnerability in Sonicbb 1.0
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: NONE
- Availability impact: NONE

network
sonicbb
Summary
SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message. Successful exploitation requires that "magic_quotes_gpc" is disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://marc.info/?l=full-disclosure&m=117914586003786&w=2
- http://osvdb.org/34701
- http://osvdb.org/34702
- http://osvdb.org/34703
- http://secunia.com/advisories/25279
- http://www.netvigilance.com/advisory0018
- http://www.osvdb.org/33906
- http://www.securityfocus.com/archive/1/468535/100/0/threaded
- http://www.vupen.com/english/advisories/2007/1816
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34259