Description
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Yearly Archive Cross-Site Scripting (2.1.8)
WordPress Plugin 404page-your smart custom 404 error page Cross-Site Request Forgery (10.3)
WordPress Plugin Gallery-Flagallery Photo Portfolio 'facebook.php' Cross-Site Scripting (1.56)
Oracle JRE CVE-2022-21628 Vulnerability (CVE-2022-21628)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)