ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 2.1.2 - Sensitive Directory Exposure

Product
WordPress
Description
Because of this vulnerability, the attackers can obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
Solution
Update the WordPress to the latest available version (at least 2.1.3).
Classification
Type Information Disclosure
OWASP Top 10 A6: Sensitive Data Exposure
References
CVE Mitre
CVE
Name CVE-2007-1409
Versions
Affected In <= 2.1.2
Fixed In 2.1.3
Disclosure date
2007-03-10
Credits
r00t
Submitter
ThreatPress