Description
b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files.
Remediation
References
Related Vulnerabilities
GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3239)
WordPress Plugin Rate my Post-WP Rating System Multiple Vulnerabilities (3.3.4)
WordPress Plugin eID Easy Cross-Site Scripting (4.6)
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.44)