CVE-2011-2488
published 2011-07-27CVE-2011-2488: Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
PriorityP419medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.44%
70.0th percentile
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | joomla_! | <= 1.5.23 | — |
| joomla | joomla_! | <= 1.5.22 | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
| joomla | joomla_! | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xx4v-fp2m-hmpv: Joomla! 1
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-2891 [MEDIUM] CWE-200 GHSA-xx4v-fp2m-hmpv: Joomla! 1
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
GHSA
GHSA-7gr4-5g4h-q48g: templates/system/error
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-2889 [MEDIUM] CWE-200 GHSA-7gr4-5g4h-q48g: templates/system/error
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
GHSA
GHSA-xcjj-4x65-hrvc: Joomla! before 1
ghsa_unreviewed·2022-05-17
CVE-2011-2488 [MEDIUM] CWE-200 GHSA-xcjj-4x65-hrvc: Joomla! before 1
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
GHSA
GHSA-xwcc-7hmc-296q: The MediaViewMedia class in administrator/components/com_media/views/media/view
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-2890 [MEDIUM] CWE-200 GHSA-xwcc-7hmc-296q: The MediaViewMedia class in administrator/components/com_media/views/media/view
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.htmlhttp://secunia.com/advisories/44028http://www.joomla.org/announcements/release-news/5367-joomla-1523-released.htmlhttp://www.openwall.com/lists/oss-security/2011/06/20/17http://www.openwall.com/lists/oss-security/2011/06/23/4http://www.osvdb.org/71587http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.htmlhttp://secunia.com/advisories/44028http://www.joomla.org/announcements/release-news/5367-joomla-1523-released.htmlhttp://www.openwall.com/lists/oss-security/2011/06/20/17http://www.openwall.com/lists/oss-security/2011/06/23/4http://www.osvdb.org/71587
2011-07-27
Published