CVE-2011-3768

CVE Database · CVE-2011-3768

CVE-2011-3768

· N/AModified

CVSS v3.1

N/A

EPSS

1.24%

Published

Sep 23, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.

Weaknesses (CWE)

CWE-200

Affected Products (1)

phorum · phorumvulnerable

References (8)

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a

http://www.openwall.com/lists/oss-security/2011/06/27/6

https://exchange.xforce.ibmcloud.com/vulnerabilities/70604

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README

http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a

http://www.openwall.com/lists/oss-security/2011/06/27/6

https://exchange.xforce.ibmcloud.com/vulnerabilities/70604

KEV Catalog EPSS Scores Vendors All CVEs