Description
e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
Remediation
References
Related Vulnerabilities
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5621)
WordPress 3.7.3 Multiple Vulnerabilities (3.7 - 3.7.3)
WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.9.0.2)
PHP Other Vulnerability (CVE-2007-1475)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-36326)