Description
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14539 Vulnerability (CVE-2020-14539)
WordPress Plugin WooCommerce-Store Exporter CSV Injection (2.3.1)
WordPress Plugin Subscribe To Comments Reloaded Multiple Vulnerabilities (140204)
WordPress Plugin BuddyPress Activity Plus Cross-Site Scripting (1.6.3)
Atlassian Jira CVE-2020-14178 Vulnerability (CVE-2020-14178)