Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2922)
Description
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.