2005-02-20 05:00:00
mitre
PUBLISHED
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.