index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by , which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpclanwebsite | Phpclanwebsite | 1.23.1 (including) | 1.23.1 (including) |