Description

Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other files.

Remediation

References

CVE-2011-3733

Related Vulnerabilities

Joomla Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-15697)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.46)

Joomla! Core 3.x.x Multiple Vulnerabilities (3.7.0 - 3.8.3)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.9)

Apache Tomcat Other Vulnerability (CVE-2000-0760)

Severity

Medium

Classification

CVE-2011-3733 CWE-200

Tags

Missing Update Known Vulnerabilities