2005-12-05 11:00:00
mitre
PUBLISHED
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message.