phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Phprofession |
Phprofession |
2.5 (including) |
2.5 (including) |
References