Description

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

Remediation

References

CVE-2008-0195

Related Vulnerabilities

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Cross-Site Scripting (3.6.1)

Oracle JRE CVE-2012-0551 Vulnerability (CVE-2012-0551)

Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385)

WordPress Plugin Embedded Video 'lembedded-video.php' Cross-Site Scripting (4.1)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Information Disclosure (2.5.2)

Severity

Medium

Classification

CVE-2008-0195 CWE-200

Tags

Missing Update Known Vulnerabilities