Description

XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.

Remediation

References

CVE-2011-3822

Related Vulnerabilities

WordPress Plugin OnePress Social Locker Multiple Cross-Site Scripting Vulnerabilities (4.2.0)

WordPress Plugin Quick Cache (Speed Without Compromise) Unspecified Vulnerability (140725)

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)

WordPress Plugin Fancy Cats Multiple Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin WP Reactions Lite Cross-Site Scripting (1.3.5)

Severity

Medium

Classification

CVE-2011-3822 CWE-200

Tags

Missing Update Known Vulnerabilities