[原文]Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message.
AWF-CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker adds the variable "mode" to a request for unspecified scripts, which causes an error message which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.