mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message.
Publication date: Sun, 10 Dec 2006 08:28:00 +0000