Description

FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.

Remediation

References

CVE-2011-3740

Related Vulnerabilities

WordPress Plugin Wise Agent Lead Capture Forms Cross-Site Scripting (1.0)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-1686)

Zope Web Application Server Other Vulnerability (CVE-2001-0567)

Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-0226)

WordPress Plugin Prevent files/folders access Cross-Site Request Forgery (1.1.1)

Severity

Medium

Classification

CVE-2011-3740 CWE-200

Tags

Missing Update Known Vulnerabilities