Description
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Email posts to subscribers Multiple Vulnerabilities (2.0)
WordPress Plugin Integration for Contact Form 7 and Mailchimp Cross-Site Scripting (1.0.9)
WordPress Plugin User Meta 'uploader.php' Arbitrary File Upload (1.1.1)
WordPress Plugin Article Directory Redux Cross-Site Scripting (1.0.2)