Description
Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP to Twitter Security Bypass (3.2.19)
WordPress Plugin CMS Tree Page View Multiple Vulnerabilities (1.4)
Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)
WordPress Plugin Menu Image Malware/Addware Notification (2.6.9)
WordPress Comment Post Cross-Site Scripting Vulnerability (2.0)