Description
b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3)
Grafana CVE-2022-39201 Vulnerability (CVE-2022-39201)
WordPress Plugin SMTP Mail SQL Injection (1.2.1)
WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3)
WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.46.7212)