Description

FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.

Remediation

References

CVE-2011-3740

Related Vulnerabilities

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Multiple Vulnerabilities (3.63)

WordPress Plugin Email posts to subscribers Multiple Vulnerabilities (2.0)

WordPress Plugin Integration for Contact Form 7 and Mailchimp Cross-Site Scripting (1.0.9)

WordPress Plugin User Meta 'uploader.php' Arbitrary File Upload (1.1.1)

WordPress Plugin Article Directory Redux Cross-Site Scripting (1.0.2)

Severity

Medium

Classification

CVE-2011-3740 CWE-200

Tags

Missing Update Known Vulnerabilities