CVE-2008-2028

CVE-2008-2028 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.

Learn more about our Web Application Penetration Testing UK.