Description
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.1)
Apache Tomcat Improper Access Control Vulnerability (CVE-2014-7810)
WordPress Plugin Evarisk 'uploadPhotoApres.php' Arbitrary File Upload (5.1.5.4)
Jenkins Missing Authorization Vulnerability (CVE-2021-21694)
Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)