Description
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin PDF Viewer Block for Gutenberg Cross-Site Scripting (1.0)
WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.5.51)
WordPress Plugin Video Gallery-Best WordPress YouTube Gallery Multiple Vulnerabilities (1.7.6)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2020-36238)
WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)