Description

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.

Remediation

References

CVE-2011-2891

Related Vulnerabilities

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1947)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Open Redirect (4.4.1)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.42)

Drupal Improper Access Control Vulnerability (CVE-2016-3162)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-0365)

Severity

Medium

Classification

CVE-2011-2891 CWE-200

Tags

Missing Update Known Vulnerabilities