index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values.Referenceshttp://www.securityfocus.com/archive/1/438859/100/0/threadedhttp://secunia.com/advisories/20936https://exchange.xforce.ibmcloud.com/vulnerabilities/27506http://www.acid-root.new.fr/advisories/news52.txt
