Description
ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files.
Remediation
References
Related Vulnerabilities
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-40690)
Serendipity URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-5474)
WordPress Plugin PowerPress Podcasting by Blubrry SQL Injection (6.0.2)
WordPress Plugin WP Mobile Detector Unspecified Vulnerability (2.1)