Intrusion Prevention

Invision.Board.PHPINFO.PHP.Information.Disclosure

Description

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings.

Affected Products

Invision Power Services Invision Board 1.0.1
Invision Power Services Invision Board 1.0

Impact

Information disclosure.

Recommended Actions

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Remove the phpinfo.php file from the web server.

CVE References

CVE-2005-3388