CVE-2008-2028 Information

Description

miniBB 2.2 and possibly earlier when register_globals is enabled allows remote attackers to obtain the full path via a direct request to the glang parameter in a registernew action to index.php which leaks the path in an error message.

Reference

http://secunia.com/advisories/29997/ http://www.minibb.net/forums/9_5110_0.html https://exchange.xforce.ibmcloud.com/vulnerabilities/42012 https://www.exploit-db.com/exploits/5494