Description
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
Remediation
References