CVE-2009-3756 Information

Description

phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php (2) header.php (3) the show action in advancedsearch.php and (4) choicelist.php which reveals the installation path in an error message.

Reference

http://www.exploit-db.com/exploits/9101 https://exchange.xforce.ibmcloud.com/vulnerabilities/51652