Description

CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.

Remediation

References

CVE-2011-3724

Related Vulnerabilities

WordPress Plugin External 'Video for Everybody' Cross-Site Scripting (2.0)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26071)

WordPress Plugin All-in-One WP Migration Arbitrary File Upload (7.40)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.1.4)

Joomla Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2018-11324)

Severity

Medium

Classification

CVE-2011-3724 CWE-200

Tags

Missing Update Known Vulnerabilities