Description
WordPress 2.0.6 and 2.1Alpha 3 (SVN:4662) do not properly verify that the value of the m parameter has the string data type. This allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path and certain SQL information such as the table prefix.
Remediation
References