2007-06-20 21:00:00
mitre
PUBLISHED
categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a (quote) character in the cid parameter, which reveals the path in a forced SQL error message.