Description
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4018)
Apache HTTP Server Other Vulnerability (CVE-2005-2728)
MySQL Improper Initialization Vulnerability (CVE-2020-11655)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33334)
WordPress Plugin All in One Webmaster Unspecified Vulnerability (11.0)