Description
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2018-8040)
Joomla CVE-2012-2748 Vulnerability (CVE-2012-2748)
Apache HTTP Server Other Vulnerability (CVE-2001-1342)
WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4584)