Description
ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain other files.
Remediation
References
Related Vulnerabilities
OpenSSL Cryptographic Issues Vulnerability (CVE-2016-0800)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (4.4.3)
WordPress Plugin AB Press Optimizer Multiple Cross-Site Scripting Vulnerabilities (1.1.1)