CVE-2011-3721

Name of the Vulnerable Software and Affected Versions concrete5 versions 5.4.0.5 through 5.4.1.1

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by revealing the installation path in an error message. For example, files such as tools/spellchecker service.php can be targeted to exploit this issue.

Recommendations For versions 5.4.0.5 through 5.4.1.1, consider restricting access to sensitive .php files, such as tools/spellchecker service.php, to prevent information disclosure until a fix is available.