2005-09-14 04:00:00
mitre
PUBLISHED
WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.