home.php in ARSC (Really Simple Chat) 1.0.1 and previous versions allows remote malicious users to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
arsc really simple chat arsc really simple chat 1.0.1 |
||
arsc really simple chat arsc really simple chat 1.0 |