Description

Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.

Remediation

References

CVE-2011-3728

Related Vulnerabilities

WordPress Plugin WebLibrarian Multiple Unspecified Vulnerabilities (2.6.3.1)

WordPress Plugin MM Forms Community 'doajaxfileupload.php' Arbitrary File Upload (2.2.6)

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-6381)

WordPress Plugin Hero Maps Pro Cross-Site Scripting (2.1.0)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.34)

Severity

Medium

Classification

CVE-2011-3728 CWE-200

Tags

Missing Update Known Vulnerabilities