Description
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Datepicker Cross-Site Scripting (2.6.0)
WordPress Plugin CSS Hero Cross-Site Scripting (4.03)
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.16)
WordPress Plugin WP Popups-WordPress Popup builder Cross-Site Scripting (2.1.4.6)
WordPress Plugin WolfNet IDX for WordPress Multiple Unspecified Vulnerabilities (1.14.7)