Description

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.

Remediation

References

CVE-2011-2891

Related Vulnerabilities

Plone CMS Resource Management Errors Vulnerability (CVE-2013-4188)

Oracle Application Server Other Vulnerability (CVE-2005-3452)

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.4)

WordPress Plugin WPS Hide Login Security Bypass (1.5.4.2)

WordPress Plugin WP Limit Posts Automatically Cross-Site Request Forgery (0.7)

Severity

Medium

Classification

CVE-2011-2891 CWE-200

Tags

Missing Update Known Vulnerabilities