Description

templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.

Remediation

References

CVE-2011-2889

Related Vulnerabilities

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Cross-Site Scripting (2.3.0)

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43331)

WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)

WordPress Plugin Smart Scroll Posts for WordPress includes Backdoor [Only if downloaded via the vendor website] (2.0.8)

WordPress Plugin Chameleoni Jobs Multiple Cross-Site Scripting Vulnerabilities (1.2.2)

Severity

Medium

Classification

CVE-2011-2889 CWE-200

Tags

Missing Update Known Vulnerabilities