CVE-2011-2891
Joomla! 1.6.x < 1.6.2 - Information Disclosure via Empty Itemid Parameter
Title source: llmDescription
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
References (5)
Core 5
Core References
Various Sources x_refsource_confirm
http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68881
Exploit x_refsource_misc
http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/27/8
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/06/27/6
Scores
EPSS
0.0011
EPSS Percentile
28.4%
Details
CWE
CWE-200
Status
published
Products (3)
joomla/joomla\!
1.6 alpha (18 CPE variants)
joomla/joomla\!
1.6.0
joomla/joomla\!
1.6.1
Published
Jul 27, 2011
Tracked Since
Feb 18, 2026