The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Invision_board | Invision_power_services | 1.0 (including) | 1.0 (including) |
| Invision_board | Invision_power_services | 1.0.1 (including) | 1.0.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=103290602609197\u0026w=2
- http://www.iss.net/security_center/static/10178.php
- http://www.osvdb.org/3356
- http://www.securityfocus.com/bid/5789
- http://marc.info/?l=bugtraq\u0026m=103290602609197\u0026w=2
- http://www.iss.net/security_center/static/10178.php
- http://www.osvdb.org/3356
- http://www.securityfocus.com/bid/5789