index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.
https://www.exploit-db.com/exploits/2704
http://www.freewebshop.org/?id=27
Source: Mitre, NVD
Published: 2007-01-19
Updated: 2026-06-16
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Severity: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.02467