Does exposing an absolute system filepath to the public present a security vulnerability, and if so, how so?

security

EDIT: I have reworded the title and my question to be more general, as well as being more specific as to the answer I am seeking.

I made an error when making some changes in my PHP files, and used __DIR__ to dynamically create the url in a redirect. So if users hit the redirect due to being logged out, they would have gotten directed to a url that is something like: /home/filesystem/path/to/logoutpage.php in the url, which shows up in users' location bar.

My question is, does exposing an absolute system filepath to the public present a security vulnerability? And if so, how does doing this make the site/server vulnerable? How does doing this expose data? And if so, can anyone describe what an attack would look like?

FWIW:

I examined the logfiles and all of the attempts to access that url (10 of them, which of course resulted in 404 as no file exists on that path) were either made by me, or the best I can tell, Sogou search engine (See my comment below for how I deduced this.) As I think Soguo has bigger fish to fry than trying to attack me, I feel there is no cause for alarm.

I did not expose any files containing configuration, only the file which presents a page to allow logging back in once logged out.

This is a small website used by a private community of friends, available to only about 35 registered users. It is for information only; other than storing email addresses for login identification, no other user data is stored.

Solution 1:

Given that all of the attempts to access these incorrect URLs resulted in 404 errors, the only thing you have leaked is your web server's document root. An attacker would need to know this in order to access the files you are serving, but first the attacker would have to break in somehow. And if the attacker has broken in, they can easily read your web server configuration to find the document root, or just poke around the filesystem until they find it. So you've given away very little of consequence.

How can I reset share passwords for WD Sharespace using root in SSH?

How to add NT Virtual Machine\Virtual Machines to GPO

Where are the configurations for CoreDNS stored in Kubernetes

Securely storing AWS access credentials in an on-premise server

How to create global company policy that will set user photos from folder in WS AD

high CPU usage of MySQL and recommendation from Mysqltunner

How to instruct linux not to swap out hot pages of mmaped files?

Can I use both LDAP and LDAPS on the same server?

Can't change linux user password with php script [closed]

Force host to use alternate DNS servers on unresolvable queries with dnsmasq

Fixing the Secure Channel Windows 2012 -- the trust relationship between workstation and domain fails?

Arrange base plots and grid.tables on the same page