Description

PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.

Remediation

References

CVE-2011-3796

Related Vulnerabilities

Apache Tomcat version older than 7.0.23

WordPress Plugin SG Optimizer Local File Inclusion (5.0.12)

WordPress Plugin tcS3 Cross-Site Scripting (2.1.1)

WordPress Plugin HTTP Headers Multiple Vulnerabilities (1.9.1)

WordPress Plugin WP Social Bookmarking Light Cross-Site Scripting (1.7.9)

Severity

Medium

Classification

CVE-2011-3796 CWE-200

Tags

Missing Update Known Vulnerabilities