Description

WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.

Remediation

References

CVE-2006-3390

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-5498)

Oracle JRE CVE-2022-21366 Vulnerability (CVE-2022-21366)

WordPress Plugin SpamTask Arbitrary File Upload (1.3.6)

WordPress Plugin mklasen's Photobox Cross-Site Scripting (1.0)

WordPress Plugin Easy Modal Multiple SQL Injection Vulnerabilities (2.0.17)

Severity

Medium

Classification

CVE-2006-3390

Tags

Missing Update Known Vulnerabilities