Description
Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP GuestMap Multiple Cross-Site Scripting Vulnerabilities (1.8)
MySQL CVE-2016-0647 Vulnerability (CVE-2016-0647)
WordPress Plugin Post Grid, List for WordPress-Content Views Cross-Site Scripting (1.6.1)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)
Oracle Database Server CVE-2010-3590 Vulnerability (CVE-2010-3590)