CVE-2011-3773

Name of the Vulnerable Software and Affected Versions PHPDevShell version 3.0.0-Beta-4b

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is demonstrated by requesting the gzip.php file, which reveals the installation path in an error message.

Recommendations For PHPDevShell version 3.0.0-Beta-4b, consider restricting access to sensitive .php files, such as gzip.php, to prevent the disclosure of installation paths. As a temporary workaround, avoid using error messages that reveal sensitive information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.