Description
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
Remediation
References
Related Vulnerabilities
ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)
WordPress Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-4050)
WordPress Plugin WP Simple Login Registration Cross-Site Scripting (1.0.2)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1836)
WordPress Plugin Connector for Gravity Forms and Google Sheets Cross-Site Scripting (1.1.0)