Description

WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.

Remediation

References

CVE-2011-3815

Related Vulnerabilities

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

MySQL CVE-2016-0658 Vulnerability (CVE-2016-0658)

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)

Magento CVE-2020-9632 Vulnerability (CVE-2020-9632)

WordPress Plugin Ultimate GDPR & CCPA Compliance Toolkit for WordPress Security Bypass (2.4)

Severity

Medium

Classification

CVE-2011-3815 CWE-200

Tags

Missing Update Known Vulnerabilities