Description
Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Statistics Remote Code Execution (1.8)
WordPress Plugin Push Notifications for WordPress (Lite) Cross-Site Request Forgery (6.0)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.23)
WordPress Plugin Theme Editor Arbitrary File Download (2.5)
WordPress Plugin CSS Plus Multiple Unspecified Vulnerabilities (1.3.1)