PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by gzip.php.

Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."

PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.