CVE-2007-0690

myEvent 1.6 allows remote attackers to obtain sensitive information via 1 a Log In action without a password to login.php, or an invalid 2 view or 3 monthno parameter to myevent.php, which reveals the path in various error messages...