CVE-2011-3731

e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107plugins/pdf/e107pdf.php and certain other files...

CVE-2011-3756

MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files...

CVE-2011-3748

Kamads Classifieds 2B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2AXHTML/style/view.php and certain other files...

CVE-2011-3699

John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files...

CVE-2011-3754

CVE-2011-3754 affects Mambo 4.6.5. The vulnerability allows information disclosure via a direct request to a PHP file, where an error message reveals the installation path (e.g., includes/sef.php). Impact is partial confidentiality loss. The technical details do not specify a patch or workaround ...

CVE-2011-3752

CVE-2011-3752 affects LimeSurvey 1.90+ build9642-20101214. The issue is an information disclosure where remote attackers can trigger a direct request to a PHP file (e.g., admin/statistics.php) that reveals the installation path in an error message. This is described across multiple documents (NVD...

CVE-2011-3746

CVE-2011-3746 affects Jcow 4.2.1. A direct request to a PHP file (e.g., themes/default/page.tpl.php and related files) can cause an error message that reveals the installation path, enabling information disclosure. Exploitation details are not provided in the supplied documents. No remediation or...

CVE-2011-3740

Inffected software: FrontAccounting 2.3.1. The vulnerability arises from an information-disclosure flaw where a direct request to a PHP file (e.g., reporting/includes/fpdi/fpdi2tcpdf_bridge.php) causes an error message that reveals the installation path. This discreetly exposes partial confidenti...

CVE-2011-3739

Freeway 1.5 Alpha is affected by an information-disclosure vulnerability where remote attackers can obtain the installation path by directly requesting certain PHP files (e.g., templates/Freeway/boxes/last_product.php). The issue stems from error messages revealing filesystem paths. Affected comp...

CVE-2011-3738

Feng Office 1.7.2 is affected by an information-disclosure vulnerability: a direct request to certain PHP files (e.g., public/upgrade/templates/layout.php) can reveal the installation path in an error message. Affected component: Feng Office PHP files; root cause: error message leakage. Impact: p...

CVE-2011-3733

Elgg 1.7.6 is affected by CVE-2011-3733. An information-disclosure flaw allows remote attackers to obtain sensitive data by making a direct request to certain PHP files, which reveals the installation path in an error message (as demonstrated by vendors/simpletest/test/visual_test.php and related...

CVE-2011-3730

CVE-2011-3730 concerns Drupal 7.0, where remote attackers can trigger an information disclosure by requesting a PHP file directly, causing an error message that reveals the installation path. Documentation cites examples such as modules/simpletest/tests/upgrade/drupal-6.upload.database.php and re...

CVE-2011-3724

CubeCart 4.4.3 is affected by CVE-2011-3724. A remote attacker can obtain sensitive information by directly requesting certain PHP files (e.g., modules/shipping/USPS/calc.php), causing an error message that reveals the installation path. This constitutes partial confidentiality impact. The affect...

CVE-2011-3720

ConceptCMS 5.3.1 and 5.3.3 (and possibly other versions) are affected by an information-disclosure vulnerability: remote attackers can obtain sensitive info via a direct request to a .php file, with an error message revealing the installation path (e.g., sys_libs/umlib/um_authserver.inc.php). Roo...

CVE-2011-3718

CMS Made Simple (CMSMS) 1.9.2 is affected by CVE-2011-3718. A remote attacker can obtain sensitive information by directly requesting a PHP file (e.g., modules/TinyMCE/TinyMCE.module.php), resulting in an error message that reveals the installation path. The vulnerability is an information-disclo...

CVE-2011-3716

CVE-2011-3716 affects Claroline 1.9.7. The issue allows remote attackers to obtain sensitive information by requesting a .php file directly, which causes an error message to reveal the installation path (e.g., via work/connector/linker.cnr.php and similar files). The available documents do not pr...

CVE-2011-3715

CVE-2011-3715 affects ClanTiger 1.1.3. Affected component: PHP files (e.g., widgets/statistics/statistics.php) that disclose the installation path in an error message when directly requested. This enables remote information disclosure. Root cause: direct access to certain PHP files leaks path inf...

CVE-2011-3703

AneCMS 1.0 is affected by an information disclosure vulnerability: remote attackers can cause a PHP file to reveal the installation path in an error message (e.g., via widgets/menu/index.php and related files). This is a direct request/file-path leakage issue, not an authentication bypass or code...

CVE-2011-3700

Vulnerability: CVE-2011-3700 in Advanced Electron Forum (AEF) 1.0.8. Issue: Remote attackers can disclose sensitive information by making a direct request to a PHP file (languages/english/deletetopic_lang.php), causing an error message that reveals the installation path. Impact: Information discl...

CVE-2011-3758

CVE-2011-3758 affects the package “::mound::” version 2.1.6 . A remote attacker can obtain sensitive information by directly requesting a PHP file, causing an error message that reveals the installation path (e.g., lib/smarty/libs/sysplugins/smarty_internal_template.php and related files). The pr...