Description
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
Remediation
References
Related Vulnerabilities
WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.10.1)
MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)
Oracle JRE CVE-2014-0463 Vulnerability (CVE-2014-0463)
Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465)