Description

LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.

Remediation

References

CVE-2011-3752

Related Vulnerabilities

WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Scripting (1.10.28.2)

WordPress Plugin HTTP Headers Multiple Vulnerabilities (1.9.1)

Squid Improper Input Validation Vulnerability (CVE-2016-2570)

WordPress 2.5 Cross-Site Scripting Vulnerability (2.5)

MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-8115)

Severity

Medium

Classification

CVE-2011-3752 CWE-200

Tags

Missing Update Known Vulnerabilities