CVE-2011-2891 Information

Description

Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php which reveals the installation path in an error message a different vulnerability than CVE-2011-2488.

Reference

http://bl0g.yehg.net/2011/04/joomla-161-and-lower-information.html http://developer.joomla.org/security/news/341-20110402-core-information-disclosure.html http://www.openwall.com/lists/oss-security/2011/06/27/6 http://www.openwall.com/lists/oss-security/2011/06/27/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/68881