Description
ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files.
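A defender can check their own application's responses for this kind of leak. The following is an added example, not code from ATutor or from this advisory: it assumes PHP's default error format (`<level>: <message> in <file> on line <n>`, optionally wrapped in HTML tags), and the sample bodies, the install roots `/srv/www/atutor` and `C:\xampp\htdocs\atutor`, and the function names are constructed for illustration.

```python
import html
import re

# PHP's default error format is "<Level>: <message> in <file> on line <n>".
# With html_errors enabled, the level, file and line are wrapped in <b> tags.
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^\r\n]+?\.php)"  # absolute Unix or Windows path
    r"\s+on line\s+(?P<line>\d+)"
)

def find_path_disclosures(body):
    """Return (level, absolute_path, line) for each PHP error in a response body."""
    text = html.unescape(_TAGS.sub("", body))
    return [(m["level"], m["path"], int(m["line"]))
            for m in _PHP_ERROR.finditer(text)]

def scan(responses):
    """responses: iterable of (url, body). Returns {url: findings} for leaking pages."""
    report = {}
    for url, body in responses:
        hits = find_path_disclosures(body)
        if hits:
            report[url] = hits
    return report

# Constructed sample bodies (not captured from a real ATutor installation).
HTML_ERROR = ("<br />\n<b>Fatal error</b>:  Call to undefined function "
              "example_helper() in <b>/srv/www/atutor/users/tool_settings.inc.php</b>"
              " on line <b>17</b><br />\n")
WINDOWS_ERROR = ("Warning: include(): Failed opening 'example.php' for inclusion in "
                 r"C:\xampp\htdocs\atutor\users\tool_settings.inc.php on line 3")
RELATIVE_ONLY = "Warning: something failed in users/tool_settings.inc.php on line 3"
CLEAN_PAGE = "<html><body><h1>Tool settings</h1></body></html>"

if __name__ == "__main__":
    pages = [("/users/tool_settings.inc.php", HTML_ERROR), ("/index.php", CLEAN_PAGE)]
    for url, hits in scan(pages).items():
        for level, path, line in hits:
            print(f"{url}: {level} discloses {path} (line {line})")
```

Only absolute paths are reported, since a relative path in an error message does not reveal the installation directory.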
Remediation
References