Description
Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2082)
phpMyFAQ Incorrect Authorization Vulnerability (CVE-2024-22208)
Oracle JRE CVE-2014-0429 Vulnerability (CVE-2014-0429)
Internet Information Services Other Vulnerability (CVE-2002-0071)
WordPress Plugin Login Logout Menu Multiple Cross-Site Scripting Vulnerabilities (1.3.3)