YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Yabb | Yabb | 1.5.1 (including) | 1.5.1 (including) |