CWE-200— Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.— MITRE CWE catalog
8,868 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-200page 20 of 178
- CVE-2011-3759NONECVSS 0.0EG 0.02011-09-23
MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/3rdparty/diff/Diff/ThreeWay.php and…
- CVE-2011-3760NONECVSS 0.0EG 0.02011-09-24
Nucleus 3.61 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/api_nucleus.inc.php and certain other files.
- CVE-2011-3761NONECVSS 0.0EG 0.02011-09-24
NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files.
- CVE-2011-3762NONECVSS 0.0EG 0.02011-09-24
OpenBlog 1.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other fil…
- CVE-2011-3763NONECVSS 0.0EG 0.02011-09-24
OpenCart 1.4.9.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/startup.php and certain other files.
- CVE-2011-3764NONECVSS 0.0EG 0.02011-09-24
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other…
- CVE-2011-3765NONECVSS 0.0EG 0.02011-09-24
Open-Realty 2.5.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/versions/upgrade_115.inc.php and certain oth…
- CVE-2011-3766NONECVSS 0.0EG 0.02011-09-24
OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/orange/menu/Menu.php and certain other files.
- CVE-2011-3767NONECVSS 0.0EG 0.02011-09-24
osCommerce 3.0a5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by redirect.php.
- CVE-2011-3768NONECVSS 0.0EG 0.02011-09-24
Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
- CVE-2011-3769NONECVSS 0.0EG 0.02011-09-24
PHPads 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ads.inc.php.
- CVE-2011-3770NONECVSS 0.0EG 0.02011-09-24
phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain o…
- CVE-2011-3771NONECVSS 0.0EG 0.02011-09-24
phpBook 2.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by doc/update_smilies_1.50-1.60.php and certain other files.
- CVE-2011-3772NONECVSS 0.0EG 0.02011-09-24
phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/noti_newtopic.php and certain other files.
- CVE-2011-3773NONECVSS 0.0EG 0.02011-09-24
PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by gzip.php.
- CVE-2011-3774NONECVSS 0.0EG 0.02011-09-24
php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/landing.php and certain …
- CVE-2011-3775NONECVSS 0.0EG 0.02011-09-24
PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other f…
- CVE-2011-3776NONECVSS 0.0EG 0.02011-09-24
phpFormGenerator 2.09 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by forms/process.php.
- CVE-2011-3777NONECVSS 0.0EG 0.02011-09-24
phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files.
- CVE-2011-3778NONECVSS 0.0EG 0.02011-09-24
PhpGedView 4.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by serviceClientTest.php and certain other files.
- CVE-2011-3779NONECVSS 0.0EG 0.02011-09-24
PhpHostBot 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/create_acct.php and certain other files.
- CVE-2011-3780NONECVSS 0.0EG 0.02011-09-24
PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files.
- CVE-2011-3781NONECVSS 0.0EG 0.02011-09-24
PHPIDS 0.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/IDS/VersionTest.php and certain other files.
- CVE-2011-3782NONECVSS 0.0EG 0.02011-09-24
phpLD 2-151.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain othe…
- CVE-2011-3783NONECVSS 0.0EG 0.02011-09-24
phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files.
- CVE-2011-3784NONECVSS 0.0EG 0.02011-09-24
Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Odyssey/theme.php and certain othe…
- CVE-2011-3785NONECVSS 0.0EG 0.02011-09-24
PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and cer…
- CVE-2011-3786NONECVSS 0.0EG 0.02011-09-24
PHProjekt 6.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Setup/Controllers/IndexController.php.
- CVE-2011-3787NONECVSS 0.0EG 0.02011-09-24
phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/schedule.template.php and certain other…
- CVE-2011-3788NONECVSS 0.0EG 0.02011-09-24
PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Test/Test_Suhosin.php and certain other files.
- CVE-2011-3789NONECVSS 0.0EG 0.02011-09-24
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majona…
- CVE-2011-3790NONECVSS 0.0EG 0.02011-09-24
Piwigo 2.1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tools/metadata.php and certain other files.
- CVE-2011-3791NONECVSS 0.0EG 0.02011-09-24
Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files.
- CVE-2011-3792NONECVSS 0.0EG 0.02011-09-24
Pixelpost 1.7.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/functions_feeds.php and certain other files.
- CVE-2011-3793NONECVSS 0.0EG 0.02011-09-24
Pixie 1.04 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/modules/static.php and certain other files.
- CVE-2011-3794NONECVSS 0.0EG 0.02011-09-24
Pligg CMS 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by widgets/statistics/init.php and certain other files.
- CVE-2011-3795NONECVSS 0.0EG 0.02011-09-24
Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files.
- CVE-2011-3796NONECVSS 0.0EG 0.02011-09-24
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
- CVE-2011-3797NONECVSS 0.0EG 0.02011-09-24
ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain ot…
- CVE-2011-3798NONECVSS 0.0EG 0.02011-09-24
Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files.
- CVE-2011-3799NONECVSS 0.0EG 0.02011-09-24
ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files.
- CVE-2011-3800NONECVSS 0.0EG 0.02011-09-24
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other fil…
- CVE-2011-3801NONECVSS 0.0EG 0.02011-09-24
SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files.
- CVE-2011-3802NONECVSS 0.0EG 0.02011-09-24
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.
- CVE-2011-3803NONECVSS 0.0EG 0.02011-09-24
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
- CVE-2011-3804NONECVSS 0.0EG 0.02011-09-24
SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php.
- CVE-2011-3805NONECVSS 0.0EG 0.02011-09-24
TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and c…
- CVE-2011-3806NONECVSS 0.0EG 0.02011-09-24
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other file…
- CVE-2011-3807NONECVSS 0.0EG 0.02011-09-24
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.
- CVE-2011-3808NONECVSS 0.0EG 0.02011-09-24
The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain…
Map vulnerabilities like CWE-200 to your infrastructure
EchelonGraph correlates every CVE — across CWE-200 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →