[原文]phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message.
phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'maintenance-cleantables.php' script, which will disclose the full installation path resulting in a loss of confidentiality.
Upgrade phpPgAds or phpAdsNew to version 2.0.4-pr2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.