Description

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.

Remediation

References

CVE-2006-0327

Related Vulnerabilities

Oracle Application Server CVE-2009-0974 Vulnerability (CVE-2009-0974)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.36)

PrestaShop CVE-2008-5791 Vulnerability (CVE-2008-5791)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6819)

WordPress Plugin TheCartPress eCommerce Shopping Cart 'OptionsPostsList.php' Cross-Site Scripting (1.1.6)

Severity

Medium

Classification

CVE-2006-0327

Tags

Missing Update Known Vulnerabilities