b2evolution Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3709)

Description

b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other files.

Remediation

References

CVE-2011-3709

Related Vulnerabilities

WordPress Plugin leads5050-visitor-insights Security Bypass (1.0.5)

Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)

MySQL CVE-2016-0605 Vulnerability (CVE-2016-0605)

WordPress Plugin Nextend Google Connect Unspecified Vulnerability (1.5.3)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17293)

Severity

Medium

Classification

CVE-2011-3709 CWE-200