ubuntu · CVE-2011-3740

Quick triage

Priority: low Published: 2011-09-23 23:55:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2011-3740 low priority: Ubuntu including 1 source packages (libfpdi-php), 32 status rows across 32 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hardy, hirsute, impish, jammy, lucid, mantic, maverick, natty, noble, oneiric, oracular, plucky, precise, quantal, questing, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 21, ignored 9, needed 2.

Description:

FrontAccounting 2.3.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by reporting/includes/fpdi/fpdi2tcpdf_bridge.php and certain other files.

cvelogic Threat Intelligence