[原文]PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
phpBB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides an invalid argument to the category_rows variable in the index.php script occurs, which will disclose the physical path of the installation resulting in a loss of confidentiality.
Upgrade to version 2.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.