CVE-2007-1901

CVE-2007-1901 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message.

Learn more about our Web Application Penetration Testing UK.