Description
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.136.3)
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)
MySQL CVE-2021-35645 Vulnerability (CVE-2021-35645)
Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)
Internet Information Services CVE-2002-1790 Vulnerability (CVE-2002-1790)