Description

Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.

Remediation

References

CVE-2007-4185

Related Vulnerabilities

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38263)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6483)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1834)

WordPress Plugin Floating Social Media Links 'wpp' Parameter Multiple Remote File Include Vulnerabilities (1.4.2)

Severity

Medium

Classification

CVE-2007-4185

Tags

Missing Update Known Vulnerabilities