Description
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2014-4300 Vulnerability (CVE-2014-4300)
WordPress Plugin One Click SSL Cross-Site Request Forgery (1.4.6)
WordPress Plugin WP OAuth Server (OAuth Authentication) Cross-Site Scripting (4.2.1)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2022-21663)
WildFly Application Server Uncontrolled Resource Consumption Vulnerability (CVE-2016-9589)