Information disclosure in Status Statusnet
CVE-2011-3802
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.
Vulnerability class: Information Disclosure
EPSS: 0.012 (65.1th percentile) — read the EPSS interpretation.
Affected products
- Status Statusnet — versions 0.9.6
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)