Description
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
Remediation
References