2005-05-10 04:00:00
mitre
PUBLISHED
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.