Description
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1)
WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)
Oracle JRE CVE-2017-10281 Vulnerability (CVE-2017-10281)
MediaWiki Missing Authorization Vulnerability (CVE-2021-30155)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0800)