PHPCounter 7.2 allows remote malicious users to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message.
phpcounter phpcounter 7.2