CVE-2011-3746

Name of the Vulnerable Software and Affected Versions Jcow version 4.2.1

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by accessing specific files, such as themes/default/page.tpl.php, which reveals the installation path in an error message.

Recommendations For Jcow version 4.2.1, consider restricting access to sensitive .php files to prevent information disclosure. As a temporary workaround, restrict access to the themes/default/page.tpl.php file and other similar files until a patch is available.