Description
qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)
WordPress Plugin WooCommerce Address Book Cross-Site Request Forgery (1.5.6)
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398)
Oracle JRE CVE-2020-2773 Vulnerability (CVE-2020-2773)
WordPress Plugin BuddyPress Multiple Security Bypass Vulnerabilities (7.2.1)