Invision Power Board Error Message Path Disclosure Vulnerability

It has been reported that Invision Power Board may be prone to an information disclosure vulnerability that may allow an attacker to disclose the installation path. This issue can be exploited by issuing an invalid request for uploading an image file. The path is reportedly included in an error message displayed by the server.

Invision Board version 1.3 is reported to be vulnerable to this issue; however, it is possible that other versions are affected as well.


Privacy Statement
Copyright 2010, SecurityFocus