CyberSec.Space Logo
Back to CVE Browser

CVE-2005-1616

HIGH
7.5
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile20.69th
PublishedMay 16, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.

Affected Platforms (CPE)

πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.8
πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.8.2
πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.9
πŸ“¦
Ultimate Php Board

Ultimate Php Board

= 1.9.6

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=111600262424876&w=2
πŸ”— http://marc.info/?l=bugtraq&m=111600262424876&w=2

Related Vulnerabilities

CVE-2006-320310.0

The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which ...

CVE-2002-18209.8

register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote...

CVE-2005-16157.5

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder pa...

CVE-2003-03957.5

Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP r...