Description
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (2.0.3)
WordPress Plugin Dark Mode Cross-Site Scripting (1.6)
WordPress Plugin Event List Cross-Site Scripting (0.7.9)
Oracle Database Server CVE-2010-2407 Vulnerability (CVE-2010-2407)
WordPress Plugin blogVault Real-time Backup PHP Object Injection (1.44)