Description
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
Magento Improper Authorization Vulnerability (CVE-2020-24402)
Oracle JRE CVE-2019-2945 Vulnerability (CVE-2019-2945)
Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8167)
WordPress Plugin Custom Post Type UI Cross-Site Scripting (1.1.1)
IBM RTC Improper Privilege Management Vulnerability (CVE-2021-29774)