Description
SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, which reveals the installation path in an error message.
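A check a site owner could run over responses captured from their own installation to confirm whether the disclosure described above is present. This is an added example, not code from SilverStripe or from this advisory; the URLs, file names and response bodies are constructed, and it assumes PHP's default error message format ("<level>: <message> in <file> on line <n>").

```python
import re
from urllib.parse import urlsplit

# Folders named in the advisory.
FRAMEWORK_DIRS = ("sapphire", "cms", "mysite")

TAG = re.compile(r"<[^>]+>")  # PHP wraps errors in <b>/<br /> when html_errors is on
# Absolute Unix or Windows path to a .php file inside a PHP error message.
# Paths containing spaces are not matched (limitation of this sketch).
PHP_ERROR = re.compile(
    r"(Fatal error|Parse error|Warning|Notice):\s+.*?\s+in\s+"
    r"((?:/|[A-Za-z]:\\)\S+\.php)\s+on line\s+\d+"
)

def is_direct_framework_request(url):
    """True if the URL targets a .php file under one of the advisory's folders."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    return (len(parts) >= 2
            and parts[-1].lower().endswith(".php")
            and any(p in FRAMEWORK_DIRS for p in parts[:-1]))

def leaked_paths(body):
    """Return absolute file paths exposed by PHP error messages in a response body."""
    return [m.group(2) for m in PHP_ERROR.finditer(TAG.sub("", body))]

def audit(responses):
    """responses: iterable of (url, body). Returns (url, leaked_path) findings."""
    return [(url, path)
            for url, body in responses
            if is_direct_framework_request(url)
            for path in leaked_paths(body)]

# Constructed sample responses (hypothetical host and file names).
SAMPLE = [
    ("https://example.test/sapphire/core/Example.php",
     "<br />\n<b>Fatal error</b>:  Class 'ExampleBase' not found in "
     "<b>/var/www/example/sapphire/core/Example.php</b> on line <b>12</b><br />"),
    ("https://example.test/cms/code/Example.php", "Forbidden"),
    ("https://example.test/mysite/Example.php",
     "Warning: require_once(Other.php): failed to open stream: No such file "
     "or directory in C:\\inetpub\\site\\mysite\\Example.php on line 3"),
    ("https://example.test/about-us/", "<h1>About</h1>"),
]

if __name__ == "__main__":
    for url, path in audit(SAMPLE):
        print(f"path disclosed by {url}: {path}")
```

An empty result for every direct request to these folders indicates the error message no longer exposes the installation path.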
Remediation
References
Related Vulnerabilities
TYPO3 Improper Authentication Vulnerability (CVE-2022-23501)
WordPress Plugin Download Plugin Security Bypass (1.6.0)
WordPress Plugin Spiffy Calendar Security Bypass (4.9.10)
WordPress Plugin Hana Flv Player Cross-Site Scripting (3.1.3)
WordPress Plugin Google Analytics Dashboard SQL Injection (2.0.4)