CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
Page 330 of 366

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3811 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files. |
| CVE-2011-3810 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php. |
| CVE-2011-3809 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files. |
| CVE-2011-3808 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files. |
| CVE-2011-3807 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files. |
| CVE-2011-3806 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files. |
| CVE-2011-3805 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files. |
| CVE-2011-3804 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php. |
| CVE-2011-3803 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files. |
| CVE-2011-3802 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files. |
| CVE-2011-3801 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files. |
| CVE-2011-3800 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files. |
| CVE-2011-3799 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files. |
| CVE-2011-3798 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files. |
| CVE-2011-3797 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. |
| CVE-2011-3796 | | | 0.00 | — | 0.02 | | Sep 24, 2011 | PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files. |
| CVE-2011-3795 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files. |
| CVE-2011-3794 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/init.php and certain other files. |
| CVE-2011-3793 | | | 0.00 | — | 0.02 | | Sep 24, 2011 | Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files. |
| CVE-2011-3792 | | | 0.00 | — | 0.01 | | Sep 24, 2011 | Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files. |