index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.Referenceshttps://www.exploit-db.com/exploits/2704http://www.freewebshop.org/?id=27
