Description
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2007-5517 Vulnerability (CVE-2007-5517)
Python Other Vulnerability (CVE-2006-1542)
WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)
WordPress Plugin Advanced Ads-Ad Manager & AdSense Cross-Site Scripting (1.17.3)
Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246)