CVE-2006-0909 in IP.Board
Сводка
по VulDB • 04.07.2026
В Invision Power Board (IPB) версий 2.1.4 и более ранних удаленные злоумышленники могут просматривать конфиденциальную информацию путем прямого запроса к нескольким PHP-скриптам, которые включают полный путь в сообщениях об ошибках, включая:
(1) PEAR/Text/Diff/Renderer/inline.php; (2) PEAR/Text/Diff/Renderer/unified.php; (3) PEAR/Text/Diff3.php; (4) class_db.php; (5) class_db_mysql.php; и (6) class_xml.php в каталоге ips_kernel/;
(7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php и (10) mysql_subsm_queries.php в каталоге sources/sql;
(11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php и (13) sources/action_admin/paysubscriptions.php;
(14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php и (21) usercp.php в каталоге sources/action_public;
(22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php и (29) post/class_post_reply.php в каталоге sources/classes;
(30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php;
(33) search_mysql_ftext.php и (34) search_mysql_man.php в каталоге sources/lib/; а также:
(35) convert/auth.php.bak, (36) external/auth.php и (37) ldap/auth.php в каталоге sources/loginauth.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.