Description

LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.

Remediation

References

CVE-2011-3752

Related Vulnerabilities

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-1102)

Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512)

phpMyAdmin Other Vulnerability (CVE-2001-1060)

WordPress Plugin Google Analytics Dashboard Multiple Unspecified Vulnerabilities (2.0.5)

WordPress Plugin Comprehensive Google Map Cross-Site Request Forgery (9.1.3)

Severity

Medium

Classification

CVE-2011-3752 CWE-200

Tags

Missing Update Known Vulnerabilities