Description

CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.

Remediation

References

CVE-2011-3712

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Information Disclosure (1.2.5)

Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-20408)

WordPress Plugin WP Publication Archive 'file' Parameter Directory Traversal (2.3)

WordPress Plugin Jigoshop Unspecified Vulnerability (1.10.5)

Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2012-1160)

Severity

Medium

Classification

CVE-2011-3712 CWE-200

Tags

Missing Update Known Vulnerabilities