2007-06-11 22:00:00
mitre
PUBLISHED
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to [ and ] characters.