Description
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files.
Remediation
References
Related Vulnerabilities
Django Improper Input Validation Vulnerability (CVE-2015-5144)
Jenkins Insufficient Verification of Data Authenticity Vulnerability (CVE-2015-7539)
WordPress Plugin Easy Contact Form Solution Cross-Site Scripting (1.6)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15695)
WordPress Plugin NextCellent Gallery-NextGEN Legacy Cross-Site Scripting (1.9.17)