Description
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Captchinoo, Google recaptcha for admin login page Cross-Site Request Forgery (2.4)
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)
WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Security Bypass (1.12)
WordPress Plugin Fluid Responsive Slideshow Multiple Vulnerabilities (2.2.6)