Description
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
Remediation
References
Related Vulnerabilities
PHP Double Free Vulnerability (CVE-2016-5772)
Oracle JRE CVE-2013-1571 Vulnerability (CVE-2013-1571)
Oracle Database Server CVE-2007-5509 Vulnerability (CVE-2007-5509)
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-4043)