Description
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.
Remediation
References
Related Vulnerabilities
Serendipity URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-5474)
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45364)
OpenSSL Improper Authentication Vulnerability (CVE-2023-2975)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11619)