Description

e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.

Remediation

References

CVE-2011-3731

Related Vulnerabilities

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16358)

MongoDb Missing Authorization Vulnerability (CVE-2024-6375)

Oracle JRE CVE-2014-2409 Vulnerability (CVE-2014-2409)

WordPress Plugin VDZ Google Analytics or Google Tag Manager/GTM Cross-Site Scripting (1.5.5)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1488)

Severity

Medium

Classification

CVE-2011-3731 CWE-200

Tags

Missing Update Known Vulnerabilities