Description
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jigoshop Unspecified Vulnerability (1.10.5)
WordPress Plugin Advanced Order Export For WooCommerce CSV Injection (1.5.4)
WordPress Plugin Simple Personal Message SQL Injection (1.0.3)
Nginx Other Vulnerability (CVE-2016-0746)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0113)