Description
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
Remediation
References
Related Vulnerabilities
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)
Drupal Core 8.8.x Information Disclosure (8.8.0 - 8.8.9)
WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0)
WordPress Plugin Social Share Icons & Social Share Buttons Cross-Site Scripting (3.0.5)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.3.5)