install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.Referenceshttp://www.zion-security.com/text/Mul_Vulnerability_DeskPro.txt
