A vulnerability has been reported in Zorum message board software that allows a remote attacker to send a malformed HTTP request resulting in a disclosure of the installation path.
This issue may allow an attacker to gain knowledge of the file system in order to mount further attacks against the host.
Zorum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malformed HTTP request is sent to the index.php
?method variable, which will disclose installation path information resulting in a loss of confidentiality.
Upgrade to version 3.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.