Description
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5660)
WordPress Plugin Top 10-Popular posts for WordPress Multiple Vulnerabilities (3.2.4)
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Unspecified Vulnerability (2.6.4)
Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813)