2009-01-22 02:00:00
mitre
PUBLISHED
front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter.