EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.Referenceshttps://github.com/kongxin520/EmpireCMS/blob/master/EmpireCMS.mdhttps://kongxin.gitbook.io/empirecms/
