Description
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
Remediation
References
Related Vulnerabilities
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15098)
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)
Oracle HTTP Server Other Vulnerability (CVE-2012-2751)
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
WordPress Plugin Spreadsheet (wpSS) 'ss_id' Parameter SQL Injection (0.61)