Description
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-0383 Vulnerability (CVE-2013-0383)
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36156)
WordPress Plugin Flog Server-Side Request Forgery (1.0beta3)
WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO Security Bypass (2.1.9.7)
WordPress Plugin Shantz WordPress QOTD Cross-Site Request Forgery (1.2.2)