ThreatPress

WordPress Vulnerabilities Database


WordPress <= 2.0.5 - Multiple vulnerabilities #1

Product
WordPress
Description
These vulnerabilities allow attackers to obtain sensitive information via a direct request for wp-content/themes/default/index.php, links.php, sidebar.php, livejournal.php, hello.php, mt.php, page.php, rss.php, search.php, searchform.php, 404.php, wp-db-backup.php, akismet.php, comments-popup.php, archive.php, archives.php, functions.php, header.php, upgrade-schema.php, attachment.php, single.php, blogger.php, upgrade-functions.php, dotclear.php, comments.php, textpattern.php or footer.php, each of which reveals the path in various error messages.
Solution
Update WordPress to the latest available version (at least 2.0.6).
Classification
Type Multi
References
CVE Mitre
CVE
Name CVE-2006-4743
Versions
Affected In <= 2.0.5
Fixed In 2.0.6
Disclosure date
2006-09-13
Submitter
ThreatPress