CVE-2009-2329 Information

Description

KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php or (2) voting_diagram.php (3) voting.php (4) topics_search.php (5) topics_list.php (6) top_part.php (7) quick_search.php (8) quick_reply.php (9) moder_menu.php (10) messages_list.php (11) menu.php (12) head.php (13) forums_list.php (14) forum_statistics.php (15) forum_info.php or (16) birthday.php in include_files/ which reveals the installation path in an error message.

Reference

http://www.exploit-db.com/exploits/9068