Brooky eStore 1.0.1 up to and including 1.0.2b allows remote malicious users to obtain sensitive path information via a direct HTTP request to settings.inc.php.
source: wwwsecurityfocuscom/bid/8220/info
eStore is prone to a path disclosure vulnerability
It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error The resulting error message will disclose potentially sensitive installation path information to the remote ...