Description
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Podcast Subscribe Buttons Cross-Site Scripting (1.4.1)
WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18)
WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)
Opencart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47444)