CVE-2009-3946
Joomla! < 1.5.15 - Unauthenticated Sensitive Information Exposure via Direct XML File Request
Title source: llmDescription
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37262
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54160
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/59800
Scores
EPSS
0.0004
EPSS Percentile
12.5%
Details
CWE
CWE-200
Status
published
Products (15)
joomla/joomla\!
1.5.0
joomla/joomla\!
1.5.1
joomla/joomla\!
1.5.2
joomla/joomla\!
1.5.3
joomla/joomla\!
1.5.4
joomla/joomla\!
1.5.5
joomla/joomla\!
1.5.6
joomla/joomla\!
1.5.7
joomla/joomla\!
1.5.8
joomla/joomla\!
1.5.9
... and 5 more
Published
Nov 16, 2009
Tracked Since
Feb 18, 2026