[原文]viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
phpBB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an invalid date is passed to the viewtopic.php script, which will disclose the software installation path resulting in a loss of confidentiality.
Upgrade to version 2.0.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.