Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2011-3812
Good to know:
Date: September 23, 2011
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
Language: PHP
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200Top Fix
Upgrade Version
Upgrade to version dimassrio/vanilla - Vanilla_2.0.4;dimassrio/vanilla - no_fix;phraseanet/phraseanet - dev-dependabot/npm_and_yarn/Phraseanet-production-client/webpack-dev-server-3.1.11;phraseanet/phraseanet - dev-dependabot/npm_and_yarn/jquery-3.4.0;phraseanet/phraseanet - 3.1.22;citizennet/sf-combine-plugin - no_fix;jelix/jelix - RELEASE_JELIX_1_3_BETA1;moodle/moodle - v2.3.0-beta;ncsuwebdev/otframework - 1.0.0;ncsuwebdev/otframework - 3.0.0alpha4;tga/forum-bundle - no_fix;bishopb/vanilla - no_fix;heristop/sf-combine-plugin - no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | LOW |
| Authentication (AU): | NONE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | NONE |
| Availability (A): | NONE |
| Additional information: |