CVE-2011-3745

Name of the Vulnerable Software and Affected Versions HycusCMS version 1.0.3

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by accessing the file directly, which reveals the installation path in an error message. For example, requesting the "templates/hycus template/template.php" file can expose this information.

Recommendations For HycusCMS version 1.0.3, consider restricting direct access to .php files, especially those that may reveal sensitive information, until a proper fix is available. As a temporary workaround, restrict access to the "templates/hycus template/template.php" file to minimize the risk of exploitation.