stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Destiney_rated_images_script | Greg_donald | 0.5.0 (including) | 0.5.0 (including) |