Description

WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.

Remediation

References

CVE-2009-2432

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37149)

WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3)

WordPress Plugin WassUp Real Time Analytics Unspecified Vulnerability (1.7.2)

MySQL CVE-2019-2743 Vulnerability (CVE-2019-2743)

Severity

Medium

Classification

CVE-2009-2432 CWE-264

Tags

Missing Update Known Vulnerabilities