CVE-2011-2890 — Sensitive Information Exposure in Joomla !

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 49.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !

Timeline

PublishedJul 27

Latest updateMay 17

Description

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDjoomla/joomla_!1.5.23+23

🔴Vulnerability Details

GHSA

GHSA-xwcc-7hmc-296q: The MediaViewMedia class in administrator/components/com_media/views/media/view↗2022-05-17

▶