Description
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.33)
WordPress Plugin WP-Polls Cross-Site Scripting (2.73)
JBoss Application Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-3609)
Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)
Apache HTTP Server Incorrect Authorization Vulnerability (CVE-2014-8109)