Description

phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.

Remediation

References

CVE-2011-3783

Related Vulnerabilities

MySQL CVE-2022-21304 Vulnerability (CVE-2022-21304)

Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648)

WordPress Plugin Store Locator Plus for WordPress Multiple Vulnerabilities (3.0.1)

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Arbitrary File Write (3.37.14)

WordPress Plugin Modern WPBakery Page Builder Addons (formerly Visual Composer)-Add-ons Arbitrary File Upload (3.0.1)

Severity

Medium

Classification

CVE-2011-3783 CWE-200

Tags

Missing Update Known Vulnerabilities