Description
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Information Disclosure (3.1.0 - 3.8.7)
Magento CVE-2020-9580 Vulnerability (CVE-2020-9580)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.9.0)
WordPress Plugin Safe SVG Cross-Site Scripting (1.9.5)
WordPress Plugin Contextual Related Posts Multiple Vulnerabilities (3.3.1)