Description

WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.

Remediation

References

CVE-2009-2432

Related Vulnerabilities

WordPress Plugin Themify Builder Cross-Site Scripting (5.3.1)

Oracle JRE CVE-2013-1540 Vulnerability (CVE-2013-1540)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1042)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8758)

WordPress Plugin Map Block for Google Maps Unspecified Vulnerability (1.31)

Severity

Medium

Classification

CVE-2009-2432 CWE-264

Tags

Missing Update Known Vulnerabilities