Description

Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.

Remediation

References

CVE-2007-4185

Related Vulnerabilities

WordPress Plugin Grapefile File Sharing 'grapeupload.php' Arbitrary File Upload (1.1)

WordPress Plugin WP Subscribe Cross-Site Scripting (1.0.2)

WordPress Plugin Image Photo Gallery Final Tiles Grid Cross-Site Scripting (3.4.18)

WordPress Plugin Appointment Scheduling for Zoom GoogleMeet and more-Wappointment Cross-Site Scripting (2.2.4)

WordPress Plugin Custom Login Page Customizer-LoginPress Multiple Vulnerabilities (1.1.13)

Severity

Medium

Classification

CVE-2007-4185

Tags

Missing Update Known Vulnerabilities