Description
WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.
Remediation
References