CWE-200— Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.— MITRE CWE catalog
8,868 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-200page 19 of 178
- CVE-2011-3708NONECVSS 0.0EG 0.02011-09-23
Automne 4.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/page-redirect-info.php.
- CVE-2011-3709NONECVSS 0.0EG 0.02011-09-23
b2evolution 3.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by locales/ru_RU/ru-RU.locale.php and certain other fil…
- CVE-2011-3710NONECVSS 0.0EG 0.02011-09-23
bbPress 1.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by bb-templates/kakumei/view.php and certain other files.
- CVE-2011-3711NONECVSS 0.0EG 0.02011-09-23
BIGACE 2.7.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/libs/javascript.inc.php and certain other files.
- CVE-2011-3713NONECVSS 0.0EG 0.02011-09-23
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files.
- CVE-2011-3714NONECVSS 0.0EG 0.02011-09-23
ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.
- CVE-2011-3715NONECVSS 0.0EG 0.02011-09-23
ClanTiger 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/statistics.php and certain other fi…
- CVE-2011-3716NONECVSS 0.0EG 0.02011-09-23
Claroline 1.9.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by work/connector/linker.cnr.php and certain other files.
- CVE-2011-3717NONECVSS 0.0EG 0.02011-09-23
ClipBucket 2.0.9 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/signup_captcha/signup_captcha.php and certain…
- CVE-2011-3718NONECVSS 0.0EG 0.02011-09-23
CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and c…
- CVE-2011-3719NONECVSS 0.0EG 0.02011-09-23
CodeIgniter 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other …
- CVE-2011-3720NONECVSS 0.0EG 0.02011-09-23
conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by sys_libs/umlib/um…
- CVE-2011-3721NONECVSS 0.0EG 0.02011-09-23
concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/spellchecker_service.php an…
- CVE-2011-3722NONECVSS 0.0EG 0.02011-09-23
Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/inspekt.php and certain …
- CVE-2011-3723NONECVSS 0.0EG 0.02011-09-23
Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by README_FILES/livehelp.php and certain other files.
- CVE-2011-3724NONECVSS 0.0EG 0.02011-09-23
CubeCart 4.4.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/shipping/USPS/calc.php and certain other files.
- CVE-2011-3725NONECVSS 0.0EG 0.02011-09-23
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php.
- CVE-2011-3726NONECVSS 0.0EG 0.02011-09-23
DoceboLMS 4.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by views/dummy/show.php and certain other files.
- CVE-2011-3727NONECVSS 0.0EG 0.02011-09-23
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files.
- CVE-2011-3728NONECVSS 0.0EG 0.02011-09-23
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other file…
- CVE-2011-3729NONECVSS 0.0EG 0.02011-09-23
dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other file…
- CVE-2011-3730NONECVSS 0.0EG 0.02011-09-23
Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.p…
- CVE-2011-3731NONECVSS 0.0EG 0.02011-09-23
e107 0.7.24 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by e107_plugins/pdf/e107pdf.php and certain other files.
- CVE-2011-3732NONECVSS 0.0EG 0.02011-09-23
eggBlog 4.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _lib/fckeditor/editor/dialog/fck_spellerpages/spellerpag…
- CVE-2011-3733NONECVSS 0.0EG 0.02011-09-23
Elgg 1.7.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by vendors/simpletest/test/visual_test.php and certain other f…
- CVE-2011-3734NONECVSS 0.0EG 0.02011-09-23
Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain othe…
- CVE-2011-3735NONECVSS 0.0EG 0.02011-09-23
Escort Agency CMS (aka escort-agency-cms) allows remote attackers to obtain sensitive information via crafted array parameters in a request to a .php file, which reveals the installation path in an error message, as demonstrated by makethu…
- CVE-2011-3736NONECVSS 0.0EG 0.02011-09-23
ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by upgrades/upgrade9.php and certain other files.
- CVE-2011-3737NONECVSS 0.0EG 0.02011-09-23
eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by apps/rmail/webmail/program/lib/Net/SMTP.php and certain …
- CVE-2011-3738NONECVSS 0.0EG 0.02011-09-23
Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain othe…
- CVE-2011-3739NONECVSS 0.0EG 0.02011-09-23
Freeway 1.5 Alpha allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/Freeway/boxes/last_product.php and certain…
- CVE-2011-3740NONECVSS 0.0EG 0.02011-09-23
FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php an…
- CVE-2011-3741NONECVSS 0.0EG 0.02011-09-23
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.
- CVE-2011-3742NONECVSS 0.0EG 0.02011-09-23
HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other f…
- CVE-2011-3743NONECVSS 0.0EG 0.02011-09-23
Hesk 2.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.
- CVE-2011-3744NONECVSS 0.0EG 5.32011-09-23
HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain oth…
- CVE-2011-3745NONECVSS 0.0EG 0.02011-09-23
HycusCMS 1.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/hycus_template/template.php.
- CVE-2011-3746NONECVSS 0.0EG 0.02011-09-23
Jcow 4.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/page.tpl.php and certain other files.
- CVE-2011-3747NONECVSS 0.0EG 0.02011-09-23
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
- CVE-2011-3748NONECVSS 0.0EG 0.02011-09-23
Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by V2A_XHTML/style/view.php and certain other fil…
- CVE-2011-3749NONECVSS 0.0EG 0.02011-09-23
ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files.
- CVE-2011-3750NONECVSS 0.0EG 0.02011-09-23
kPlaylist 1.8.502 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by getid3/getid3/write.id3v1.php and certain other file…
- CVE-2011-3751NONECVSS 0.0EG 0.02011-09-23
LifeType 1.2.10 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/badbehavior/pluginbadbehavior.class.php.
- CVE-2011-3752NONECVSS 0.0EG 0.02011-09-23
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain o…
- CVE-2011-3753NONECVSS 0.0EG 0.02011-09-23
LinPHA 1.3.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by viewer.php and certain other files.
- CVE-2011-3754NONECVSS 0.0EG 0.02011-09-23
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
- CVE-2011-3755NONECVSS 0.0EG 0.02011-09-23
MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files.
- CVE-2011-3756NONECVSS 0.0EG 0.02011-09-23
MicroBlog 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by init.php and certain other files.
- CVE-2011-3757NONECVSS 0.0EG 0.02011-09-23
Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.
- CVE-2011-3758NONECVSS 0.0EG 0.02011-09-23
::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smarty_internal_template.ph…
Map vulnerabilities like CWE-200 to your infrastructure
EchelonGraph correlates every CVE — across CWE-200 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →