list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
Affected Software
Name |
Vendor |
Start Version |
End Version |
W-agora |
W-agora |
4.1.6a (including) |
4.1.6a (including) |
References