Mambo Site Server 4.0.11 allows remote malicious users to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mambo site server 4.0.11 |