Description
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Companion Sitemap Generator Cross-Site Request Forgery (3.6.6)
Oracle JRE CVE-2013-2425 Vulnerability (CVE-2013-2425)
Joomla! Core 3.x.x Information Disclosure (3.7.0 - 3.8.1)
WordPress Plugin Browser Blocker Cross-Site Scripting (0.5.6)
WordPress Plugin Service Area Postcode Checker Cross-Site Scripting (2.0.8)