The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10853
http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html