Description
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.5.1)
MySQL CVE-2021-35575 Vulnerability (CVE-2021-35575)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8093)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3628)