Description
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
Remediation
References
Related Vulnerabilities
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2019-6338)
WordPress Plugin HTML5 Video Player-Best WordPress Video Player and Block SQL Injection (2.5.24)
WordPress Improper Input Validation Vulnerability (CVE-2018-1000773)
WordPress Plugin Custom Admin Page by BestWebSoft Cross-Site Scripting (0.1.1)
Oracle Application Server CVE-2009-1976 Vulnerability (CVE-2009-1976)