Description
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0)
WordPress Plugin WP Activity Log Information Disclosure (3.1.1)
Atlassian Jira CVE-2019-20403 Vulnerability (CVE-2019-20403)
WordPress Plugin Spectra-WordPress Gutenberg Blocks Security Bypass (1.14.7)
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-1149)