BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1557)