Code injection

2011-07-2720:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.8%

JSON

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.

CPENameOperatorVersion
joomla\\!eq1.6 beta15
joomla\\!eq1.6 beta12
joomla\\!eq1.6 beta3
joomla\\!eq1.6 beta13
joomla\\!eq1.6.1
joomla\\!eq1.6 beta8
joomla\\!eq1.6 beta5
joomla\\!eq1.6.0
joomla\\!eq1.6 beta1
joomla\\!eq1.6 beta6

Name	Operator	Version
joomla\\!	eq	1.6 beta15
joomla\\!	eq	1.6 beta12
joomla\\!	eq	1.6 beta3
joomla\\!	eq	1.6 beta13
joomla\\!	eq	1.6.1
joomla\\!	eq	1.6 beta8
joomla\\!	eq	1.6 beta5
joomla\\!	eq	1.6.0
joomla\\!	eq	1.6 beta1
joomla\\!	eq	1.6 beta6

Rows per page:

1-10 of 201

References

bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html

developer.joomla.org/security/news/341-20110402-core-information-disclosure.html

www.openwall.com/lists/oss-security/2011/06/27/6

www.openwall.com/lists/oss-security/2011/06/27/8

exchange.xforce.ibmcloud.com/vulnerabilities/68881