Description

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.

Remediation

References

CVE-2011-2890

Related Vulnerabilities

ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)

WordPress Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-4050)

WordPress Plugin WP Simple Login Registration Cross-Site Scripting (1.0.2)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1836)

WordPress Plugin Connector for Gravity Forms and Google Sheets Cross-Site Scripting (1.1.0)

Severity

Medium

Classification

CVE-2011-2890 CWE-200

Tags

Missing Update Known Vulnerabilities