Description
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Site Reviews Multiple Vulnerabilities (6.5.1)
WordPress 3.8.x Same Origin Method Execution (SOME) Vulnerability (3.8 - 3.8.13)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.10.3)
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-5433)
Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10324)