BadBlue 2.4 allows remote malicious users to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
working resources inc. badblue 2.40 |