Description
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Twitter Feed Cross-Site Scripting (1.1)
WordPress Plugin Comment Rating Cross-Site Request Forgery (2.9.20)
Jenkins Improper Input Validation Vulnerability (CVE-2021-21606)
Joomla! Core Security Bypass (2.5.0 - 3.9.15)
Internet Information Services Configuration Vulnerability (CVE-1999-0725)