Description
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
Remediation
References
Related Vulnerabilities
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)
Moodle Use of GET Request Method With Sensitive Query Strings Vulnerability (CVE-2025-3637)
WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-5000)