Description
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.2.3)
WordPress 'cat' Parameter SQL Injection Vulnerability (1.5 - 1.5.1.1)
WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)
WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3)