2005-03-12 05:00:00
mitre
PUBLISHED
eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message.