Vulnerability Details : CVE-2011-2891
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
Vulnerability category: Information leak
Products affected by CVE-2011-2891
- cpe:2.3:a:joomla:joomla\!:1.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta13:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta12:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta8:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta5:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:alpha2:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta9:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta10:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta6:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta15:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta4:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta11:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta7:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta14:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2891
0.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2891
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-2891
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2891
-
http://www.openwall.com/lists/oss-security/2011/06/27/6
oss-security - Re: CVE request: Joomla unspecified information disclosure vulnerabilityExploit
-
http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html
Joomla! 1.6.1 and lower | Information Disclosure & ClickJacking vulnerabilitiesExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/68881
Joomla! Itemid array path disclosure CVE-2011-2891 Vulnerability Report
-
http://www.openwall.com/lists/oss-security/2011/06/27/8
oss-security - Re: CVE request: Joomla unspecified information disclosure vulnerabilityExploit
-
http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html
Joomla! Developer: News about the development of the Open Source CMS Joomla
Jump to