Description

WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.

Remediation

References

CVE-2009-2432

Related Vulnerabilities

WordPress Plugin N-Media Website Contact Form with File Upload Local File Inclusion (1.5)

WordPress Plugin amtyThumb Cross-Site Scripting (4.1.2)

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)

WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)

WordPress Plugin Shortcode Addons-with Visual Composer, Divi, Beaver Builder and Elementor Extension Arbitrary File Upload (3.2.5)

Severity

Medium

Classification

CVE-2009-2432 CWE-264

Tags

Missing Update Known Vulnerabilities