CVE-2005-4214
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG[‘_PKG_PATH_DBSE’] variable is not defined.
Date published : 2005-12-14
http://www.securityfocus.com/archive/1/419382/100/0/threaded