Description

Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.

Remediation

References

CVE-2011-3812

Related Vulnerabilities

WordPress Plugin WP GPX Maps 'wp-gpx-maps_admin_tracks.php' Arbitrary File Upload (1.1.22)

Apache version older than 1.3.37

MySQL CVE-2021-2072 Vulnerability (CVE-2021-2072)

WebLogic CVE-2017-10336 Vulnerability (CVE-2017-10336)

WordPress Plugin Mobile Apps by Wiziapp (Native iPhone & Android mobile Apps) Multiple Unspecified Vulnerabilities (4.1.2)

Severity

Medium

Classification

CVE-2011-3812 CWE-200

Tags

Missing Update Known Vulnerabilities