2005-12-14 11:00:00
mitre
PUBLISHED
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG[_PKG_PATH_DBSE] variable is not defined.