Description
ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files.
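The disclosure described above can be checked for on your own deployment by scanning captured response bodies for displayed PHP errors that carry an absolute path. This is an added example, not code from ATutor or from this advisory; the function names, the sample bodies, the error text and the install prefixes in them are constructed for illustration (only `users/tool_settings.inc.php` comes from the description).

```python
import re
from html import unescape

# Strip markup such as <b>...</b> and <br /> that PHP adds when html_errors is on.
_TAG = re.compile(r"<[^>]+>")

# Shape of a displayed PHP error: "<level>: <message> in <absolute file> on line <n>".
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S+?\.php)\s+on line\s+(?P<line>\d+)"
)

def find_path_disclosures(body):
    """Return one dict per PHP error in `body` that exposes an absolute path."""
    text = unescape(_TAG.sub("", body))
    return [
        {"level": m["level"], "path": m["path"], "line": int(m["line"])}
        for m in _PHP_ERROR.finditer(text)
    ]

def audit(responses):
    """Map each URL whose body leaks a path to its findings; clean URLs are omitted."""
    report = {}
    for url, body in responses.items():
        hits = find_path_disclosures(body)
        if hits:
            report[url] = hits
    return report

# Constructed sample bodies (not real ATutor output): an HTML-formatted error,
# a normal page, and a plain-text error with a Windows path.
SAMPLE_RESPONSES = {
    "/ATutor/users/tool_settings.inc.php":
        "<br />\n<b>Fatal error</b>:  Call to undefined function example_helper() in "
        "<b>/var/www/html/ATutor/users/tool_settings.inc.php</b> on line <b>3</b><br />\n",
    "/ATutor/login.php":
        "<html><body><h1>Login</h1><p>Sign in to continue.</p></body></html>",
    "/app/lib.inc.php":
        "Warning: require_once(config.php): failed to open stream: "
        "No such file or directory in C:\\inetpub\\app\\lib.inc.php on line 7",
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_RESPONSES).items():
        for h in hits:
            print(f"{url}: {h['level']} exposes {h['path']} (line {h['line']})")
```

An empty report for every URL is the expected state once PHP's `display_errors` is off and errors go to the server log instead of the response.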
Remediation
References