CVE-2011-2727
tribiq_cms < 5.2.7b - Unauthenticated Sensitive Information Exposure via Direct Script Request
Title source: llmDescription
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB22857
Scores
EPSS
0.0153
EPSS Percentile
71.8%
Details
CWE
CWE-200
Status
published
Products (1)
tribiq/tribiq_cms
< 5.2.7b
Published
Dec 30, 2014
Tracked Since
Feb 18, 2026