Description

WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.

Remediation

References

CVE-2011-3815

Related Vulnerabilities

WordPress 6.0.x Multiple Vulnerabilities (6.0 - 6.0.8)

WordPress Plugin Cookie Consent for WP-Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) Security Bypass (3.0.2)

MySQL Other Vulnerability (CVE-2003-0780)

MySQL CVE-2022-21323 Vulnerability (CVE-2022-21323)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing SQL Injection (2.0.3)

Severity

Medium

Classification

CVE-2011-3815 CWE-200

Tags

Missing Update Known Vulnerabilities