Dotclear · Dotclear · CVE-2006-3938
**Name of the Vulnerable Software and Affected Versions**
DotClear (affected versions not specified)
**Description**
The issue allows remote attackers to obtain sensitive information via direct requests for any of the following files:

- `edit_cat.php`, `index.php`, `edit_link.php` in `ecrire/tools/blogroll/`
- `syslog/index.php`, `thememng/index.php`, `toolsmng/index.php`, `utf8convert/index.php` in `/ecrire/tools/`
- `/ecrire/inc/connexion.php`
- `/inc/session.php`
- `class.blog.php`, `class.blogcomment.php`, `class.blogpost.php` in `/inc/classes/`
- `append.php`, `class.xblog.php`, `class.xblogcomment.php`, `class.xblogpost.php` in `/layout/`
- `form.php`, `list.php`, `post.php`, `template.php` in `/themes/default/`

These files reveal the installation path in error messages.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
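
With no fixed version identified, one way to watch for this is to scan web server access logs for direct requests to the files listed in the description. The following is an added example, not part of the original advisory or of Dotclear's code; the combined log format, the `/blog/` install prefix, the sample lines and the function names are assumptions made for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Files named in the advisory, grouped by directory relative to the install root.
DISCLOSING = {
    "ecrire/tools/blogroll/": ["edit_cat.php", "index.php", "edit_link.php"],
    "ecrire/tools/": ["syslog/index.php", "thememng/index.php",
                      "toolsmng/index.php", "utf8convert/index.php"],
    "ecrire/inc/": ["connexion.php"],
    "inc/": ["session.php"],
    "inc/classes/": ["class.blog.php", "class.blogcomment.php", "class.blogpost.php"],
    "layout/": ["append.php", "class.xblog.php", "class.xblogcomment.php",
                "class.xblogpost.php"],
    "themes/default/": ["form.php", "list.php", "post.php", "template.php"],
}
# Match by suffix because the blog may live in a subdirectory of the web root.
SUFFIXES = tuple("/" + d + f for d, files in DISCLOSING.items() for f in files)

# Common/combined log format: client, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})\b')

def normalise(target):
    """Drop the query string, percent-decode, and collapse //, ./ and ../."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/")).lower()

def flag_direct_requests(lines):
    """Return (client, path, status) for each request to a listed file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, target, status = m.groups()
        path = normalise(target)
        if path.endswith(SUFFIXES):
            hits.append((client, path, int(status)))
    return hits

# Constructed sample log lines (documentation IP ranges, assumed /blog/ prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2006:10:00:00 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2006:10:00:05 +0000] "GET /blog/inc/classes/class.blog.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Aug/2006:10:00:06 +0000] "GET /blog//layout/./append.php?x=1 HTTP/1.1" 200 298',
    '198.51.100.7 - - [01/Aug/2006:10:00:07 +0000] "GET /blog/themes/default/%74emplate.php HTTP/1.1" 200 305',
    '192.0.2.10 - - [01/Aug/2006:10:00:09 +0000] "GET /blog/ecrire/index.php HTTP/1.1" 200 2048',
]
```

Paths are normalised before matching so that doubled slashes, `./` segments and percent-encoded characters do not hide a request from the check.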