CVE-2006-2278
SaphpLesson 3.0 contains an input handling flaw: it does not initialize array variables, enabling an attacker to disclose the full filesystem path via non-array parameters. The affected vectors are (1) hrow to show.php or index.php; (2) Lsnrow to showcat.php; and (3) rows to index.php. This is a ...