CVE-2011-3714

Name of the Vulnerable Software and Affected Versions ClanSphere version 2010.0

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by accessing the file, which reveals the installation path in an error message. For example, accessing 'mods/board/attachment.php' can lead to the disclosure of sensitive information.

Recommendations For ClanSphere version 2010.0, consider restricting access to sensitive .php files, such as 'mods/board/attachment.php', to prevent the disclosure of installation paths and other sensitive information. As a temporary workaround, modify the error handling mechanism to avoid revealing sensitive information in error messages.