CVE-2011-2890

Published: Jul 27, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.

Affected (25)

Products: Joomla: Joomla!

Joomla

1 product

Joomla!

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	Up to 1.5.23
Joomla Joomla!	Version 1.5.0
Joomla Joomla!	Version 1.5.10
Joomla Joomla!	Version 1.5.11
Joomla Joomla!	Version 1.5.12
Joomla Joomla!	Version 1.5.13
Joomla Joomla!	Version 1.5.14
Joomla Joomla!	Version 1.5.15
Joomla Joomla!	Version 1.5.15 rc
Joomla Joomla!	Version 1.5.16
Joomla Joomla!	Version 1.5.17
Joomla Joomla!	Version 1.5.18
Joomla Joomla!	Version 1.5.19
Joomla Joomla!	Version 1.5.1
Joomla Joomla!	Version 1.5.20
Joomla Joomla!	Version 1.5.21
Joomla Joomla!	Version 1.5.22
Joomla Joomla!	Version 1.5.2
Joomla Joomla!	Version 1.5.3
Joomla Joomla!	Version 1.5.4
Joomla Joomla!	Version 1.5.5
Joomla Joomla!	Version 1.5.6
Joomla Joomla!	Version 1.5.7
Joomla Joomla!	Version 1.5.8
Joomla Joomla!	Version 1.5.9

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.openwall.com/lists/oss-security/2011/07/01/1

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/68882

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2011/07/01/1

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/68882

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.