Description
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Media from FTP PHP Object Injection (9.79)
PHP Other Vulnerability (CVE-2003-0097)
MediaWiki Insecure Storage of Sensitive Information Vulnerability (CVE-2021-36127)
OpenVPN AS Use After Free Vulnerability (CVE-2023-46850)
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Cross-Site Request Forgery (2.2)