CVE-2011-3720

Name of the Vulnerable Software and Affected Versions conceptcms versions 5.3.1 through 5.3.3

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by revealing the installation path in an error message. For example, files such as sys libs/umlib/um authserver.inc.php are affected.

Recommendations For conceptcms versions 5.3.1 through 5.3.3, consider restricting access to sensitive .php files to prevent information disclosure until a patch is available. As a temporary workaround, avoid using the affected files, such as um authserver.inc.php, in the sys libs/umlib directory.