CVE-2011-2889
Joomla! < 1.5.23 - Information Disclosure via Error Page Path Exposure
Title source: llmDescription
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://developer.joomla.org/security/news/9-security/10-core-security/340-20110401-core-information-disclosure.html
Patch x_refsource_misc
http://www.joomla.org/announcements/release-news/5367-joomla-1523-released.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68883
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/01/1
Scores
EPSS
0.0001
EPSS Percentile
0.7%
Details
CWE
CWE-200
Status
published
Products (23)
joomla/joomla\!
1.5.0
joomla/joomla\!
1.5.1
joomla/joomla\!
1.5.2
joomla/joomla\!
1.5.3
joomla/joomla\!
1.5.4
joomla/joomla\!
1.5.5
joomla/joomla\!
1.5.6
joomla/joomla\!
1.5.7
joomla/joomla\!
1.5.8
joomla/joomla\!
1.5.9
... and 13 more
Published
Jul 27, 2011
Tracked Since
Feb 18, 2026