CVE-2012-3838

Name of the Vulnerable Software and Affected Versions Gekko versions prior to 1.2.0

Description The issue allows remote attackers to obtain the installation path via a direct request to specific PHP files. This can be achieved by accessing the following API endpoints: "admin/templates/babygekko/index.php" or "templates/html5demo/index.php".

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints "admin/templates/babygekko/index.php" and "templates/html5demo/index.php" until a patch is available.