Description

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.

Remediation

References

CVE-2006-0327

Related Vulnerabilities

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.25)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6925)

MySQL CVE-2013-3810 Vulnerability (CVE-2013-3810)

Oracle HTTP Server Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-4185)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.30)

Severity

Medium

Classification

CVE-2006-0327

Tags

Missing Update Known Vulnerabilities