CVE-2011-3708

Name of the Vulnerable Software and Affected Versions Automne version 4.0.2

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is demonstrated by accessing the admin/page-redirect-info.php endpoint, which reveals the installation path in an error message.

Recommendations For Automne version 4.0.2, consider restricting access to the admin/page-redirect-info.php endpoint to minimize the risk of exploitation. As a temporary workaround, limit direct requests to sensitive .php files until a patch is available.