CVE-2006-0909 in IP.Board
Resumen
por VulDB • 2026-07-04
Invision Power Board (IPB) 2.1.4 y versiones anteriores permiten a atacantes remotos ver información sensible mediante una solicitud directa a múltiples scripts PHP que incluyen la ruta completa en los mensajes de error, incluyendo: (1) PEAR/Text/Diff/Renderer/inline.php; (2) PEAR/Text/Diff/Renderer/unified.php; (3) PEAR/Text/Diff3.php; (4) class_db.php; (5) class_db_mysql.php; y (6) class_xml.php en el directorio ips_kernel/; (7) mysql_admin_queries.php; (8) mysql_extra_queries.php; (9) mysql_queries.php; y (10) mysql_subsm_queries.php en el directorio sources/sql; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php; y (13) sources/action_admin/paysubscriptions.php; (14) login.php; (15) messenger.php; (16) moderate.php; (17) paysubscriptions.php; (18) register.php; (19) search.php; (20) topics.php; y (21) usercp.php en el directorio sources/action_public; (22) bbcode/class_bbcode.php; (23) bbcode/class_bbcode_legacy.php; (24) editor/class_editor_rte.php; (25) editor/class_editor_std.php; (26) post/class_post.php; (27) post/class_post_edit.php; (28) post/class_post_new.php; y (29) post/class_post_reply.php en el directorio sources/classes; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php; y (34) search_mysql_man.php en el directorio sources/lib/; así como (35) convert/auth.php.bak, (36) external/auth.php, y (37) ldap/auth.php en el directorio sources/loginauth.
If you want to get best quality of vulnerability data, you may have to visit VulDB.