2007-06-12 02:00:00
mitre
PUBLISHED
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to [ and ] characters.