Description
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Z-Vote 'zvote' Parameter SQL Injection (1.1)
PHP Improper Input Validation Vulnerability (CVE-2015-8879)
Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)
WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (4.41)