Muscat Empower CGI program allows remote malicious users to obtain the absolute pathname of the server via an invalid request in the DB parameter.
brightstation muscat empower 1.0