HLstats 1.20 up to and including 1.34 allows remote malicious users to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hlstats hlstats 1.20 |
||
hlstats hlstats 1.34 |