Description

Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.

Remediation

References

CVE-2007-4185

Related Vulnerabilities

Jenkins Cryptographic Issues Vulnerability (CVE-2014-2061)

WordPress Plugin WPCafe-Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce Local File Inclusion (2.2.25)

WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (6.1.5)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)

WordPress Plugin Trashbin 'mtb_undelete' Parameter Cross-Site Scripting (0.1)

Severity

Medium

Classification

CVE-2007-4185

Tags

Missing Update Known Vulnerabilities