Invision.Board.PHPINFO.PHP.Information.Disclosure
Description
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.
Affected Products
Invision Power Services Invision Board 1.0.1
Invision Power Services Invision Board 1.0
Impact
Information disclosure.
Recommended Actions
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the phpinfo.php file from the web server.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |