XRMS CRM 1.99.2 allows remote malicious users to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
xrms xrms crm 1.99.2