[原文]MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.
MidiCart PHP Shopping Cart Multiple Script Direct Request Path Disclosure
Remote / Network Access
Loss of Confidentiality
MidiCart PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests scripts such as 'search_list.php', 'item_list.php' or 'item_show.php' which will disclose the full installation path. This occurs due to undefined variables triggering an error when display_errors is set to 'ON' in the php.ini file.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.