Description

Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.

Remediation

References

CVE-2011-3747

Related Vulnerabilities

WordPress Plugin Magic Fields 2 Cross-Site Scripting (2.3.2.4)

WordPress Plugin WR ContactForm SQL Injection (1.1.9)

WordPress Plugin Elementor Website Builder Security Bypass (1.7.12)

WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2853)

Severity

Medium

Classification

CVE-2011-3747 CWE-200

Tags

Missing Update Known Vulnerabilities