Dotclear Other Vulnerability - CVE-2006-3938

DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php (2) index.php (3) edit_link.php in ecrire/tools/blogroll/ (4) syslog/index.php (5) thememng/index.php (6) toolsmng/index.php (7) utf8convert/index.php in /ecrire/tools/ (8) /ecrire/inc/connexion.php and (9) /inc/session.php (10) class.blog.php (11) class.blogcomment.php (12) and class.blogpost.php in /inc/classes/ (13) append.php (14) class.xblog.php (15) class.xblogcomment.php and (16) class.xblogpost.php in /layout/ (17) form.php (18) list.php (19) post.php or (20) template.php in /themes/default/ which reveal the installation path in error messages.