Public CVE-2008-0148 disclosure

TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.