Description

ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files.

Remediation

References

CVE-2011-3706

Related Vulnerabilities

WordPress Plugin XforWooCommerce Security Bypass (1.6.4)

MySQL CVE-2019-2738 Vulnerability (CVE-2019-2738)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9517)

ownCloud Improper Input Validation Vulnerability (CVE-2015-7699)

WordPress Plugin Surveys SQL Injection (1.01.8)

Severity

Medium

Classification

CVE-2011-3706 CWE-200

Tags

Missing Update Known Vulnerabilities