HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function.Referenceshttp://osvdb.org/55962http://secunia.com/advisories/35895https://exchange.xforce.ibmcloud.com/vulnerabilities/51830http://packetstormsecurity.org/0907-exploits/hubscript-xssphpinfo.txt
