Description

ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files.

Remediation

References

CVE-2011-3706

Related Vulnerabilities

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-40690)

Serendipity URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-5474)

WordPress Plugin PowerPress Podcasting by Blubrry SQL Injection (6.0.2)

WordPress Plugin WP Mobile Detector Unspecified Vulnerability (2.1)

OpenSSL Numeric Errors Vulnerability (CVE-2007-4995)

Severity

Medium

Classification

CVE-2011-3706 CWE-200

Tags

Missing Update Known Vulnerabilities