Description
The web server has several virtual hosts. Due to an incorrect configuration of virtual hosts, files of one virtual host is located inside a directory of another one. Therefore, an attacker may access parts of the source code of your web application.
Remediation
Change vitrual hosts configuration, so each of them have a separate root directory
References
Related Vulnerabilities
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5899)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3542)
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability