Description
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
Remediation
References
Related Vulnerabilities
MediaWiki Other Vulnerability (CVE-2005-3166)
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26273)
WordPress Plugin Stream SQL Injection (3.8.1)
Apache Tomcat Other Vulnerability (CVE-2002-2008)
WordPress Plugin Contact Form 7 International Sms Integration Cross-Site Scripting (1.2)