Description
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Multiple Vulnerabilities (3.2.0 - 3.6.5)
WordPress Plugin Share Posts To Email Cross-Site Scripting (1.0.2)
MySQL CVE-2013-1502 Vulnerability (CVE-2013-1502)
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11589)
WordPress Plugin Taxonomy Images Multiple Unspecified Vulnerabilities (0.6)