[原文]Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application.
XMB Forum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user directly calls the phpinfo.php script, which will disclose information about the victim system, resulting in a loss of confidentiality.
Upgrade to version 1.9.1 Final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.