Description

Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.

Remediation

References

CVE-2011-3743

Related Vulnerabilities

WordPress Plugin Live Chat with Facebook Messenger Cross-Site Scripting (1.4.4)

Oracle Database Server CVE-2008-2591 Vulnerability (CVE-2008-2591)

WordPress Plugin WPFront User Role Editor Unspecified Vulnerability (2.14.1)

WordPress Plugin EZ Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029)

Severity

Medium

Classification

CVE-2011-3743 CWE-200

Tags

Missing Update Known Vulnerabilities