[原文]mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
eNdonesia contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a quote character is supplied to the mod variable in mod.php, which will disclose installation path information resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.