Description
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2019-2999 Vulnerability (CVE-2019-2999)
Squid Out-of-bounds Read Vulnerability (CVE-2021-28116)
TYPO3 Improper Input Validation Vulnerability (CVE-2019-11832)
WordPress Plugin PushEngage Web Push Notifications Cross-Site Scripting (1.5.8)
WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce SQL Injection (1.6.8)