Back to search
CVE-2008-2028
Published: Apr 30, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php, which leaks the path in an error message.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
minibb-bbfuncregusr-info-disclosure(42012)
vdb-entry
x_refsource_XF
5494
exploit
x_refsource_EXPLOIT-DB
29997
third-party-advisory
x_refsource_SECUNIA
http://www.minibb.net/forums/9_5110_0.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now