2018-02-12 03:00:00
mitre
PUBLISHED
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.