MercuryBoard index.php debug Information Disclosure
Remote / Network Access
Loss of Confidentiality
MercuryBoard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user manipulates the index.php script and appends "&debug=1" to it. This may disclose SQL queries, files in use, web path disclosure, and templates used resulting in a loss of confidentiality.
Upgrade to version 1.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.