CWE-200

Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI.

imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&api=Pcoln&uip= URI.

imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI.

imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI.

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.PublicConfigconfig.ini.php to read the global configuration file.