Description

Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.

Remediation

References

CVE-2011-3812

Related Vulnerabilities

PostgreSQL Improper Access Control Vulnerability (CVE-2016-7048)

WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2)

Craft CMS Missing Authentication for Critical Function Vulnerability (CVE-2026-33159)

WordPress Plugin Shared Files-Easy Download Manager and File Sharing with Frontend File Upload Cross-Site Scripting (1.6.60)

WordPress Plugin Post Indexer (WPMU DEV) Multiple Vulnerabilities (3.0.6.1)

Severity

Medium

Classification

CVE-2011-3812 CWE-200

Tags

Missing Update Known Vulnerabilities