Description
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.11)
MediaWiki Incorrect Default Permissions Vulnerability (CVE-2017-0369)
WordPress Plugin Real Estate Website Builder 'ajax_action' Parameter Cross-Site Scripting (0.1.0)
WordPress Plugin Advanced Booking Calendar Cross-Site Scripting (1.6.7)
WordPress Plugin EZPZ One Click Backup 'mail' Parameter Cross-Site Scripting (12.03.10)