[原文]BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message.
Yves Goergen BlackBoard Internet Newsboard System checkdb.inc.php Path Disclosure
Remote / Network Access
Loss of Confidentiality
Yves Goergen BlackBoard Internet Newsboard contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a user attempts to incorrectly access "checkdb.in.php" and receives an error message, which will disclose server path information resulting in a loss of confidentiality.
Upgrade to version 1.5.1h or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.