Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
piwigo lexiglot |