Description
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Authentication Vulnerability (CVE-2021-44759)
WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Scripting (2.6.11)
TYPO3 Other Vulnerability (CVE-2006-0327)
WordPress Plugin WooCommerce Affiliate-Coupon Affiliates Cross-Site Request Forgery (4.11.3.3)
WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Security Bypass (0.10.1)