Description

Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.

Remediation

References

CVE-2011-3790

Related Vulnerabilities

WordPress Plugin Social Media Widget Serving Spam (4.0)

Joomla! Core 1.6.x Security Bypass (1.6.0 - 1.6.3)

Oracle Database Server CVE-2006-1876 Vulnerability (CVE-2006-1876)

WordPress Plugin Wp-FileManager 'ajaxfilemanager.php' Arbitrary File Upload (1.2)

PHP Use After Free Vulnerability (CVE-2016-6290)

Severity

Medium

Classification

CVE-2011-3790 CWE-200

Tags

Missing Update Known Vulnerabilities