eStore is prone to a path disclosure vulnerability.
It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.
Brooky eStore settings.inc.php Information Disclosure
Remote / Network Access
Loss of Confidentiality
Brooky eStore contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specially crafted URL request to the 'settings.inc.php' script, which will disclose the installation path resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.