WordPress_v.2.0.1_Path_Disclosure.xml Security Vulnerability

Description
Full path disclosure:
www.victim.com/wordpress/wp-includes/default-filters.php
www.victim.com/wordpress/wp-includes/template-loader.php
www.victim.com/wordpress/wp-admin/edit-form-advanced.php
www.victim.com/wordpress/wp-admin/edit-form-comment.php
www.victim.com/wordpress/wp-includes/rss-functions.php
www.victim.com/wordpress/wp-admin/admin-functions.php
www.victim.com/wordpress/wp-admin/edit-link-form.php
www.victim.com/wordpress/wp-admin/edit-page-form.php
www.victim.com/wordpress/wp-admin/admin-footer.php
www.victim.com/wordpress/wp-admin/menu-header.php
www.victim.com/wordpress/wp-includes/locale.php
www.victim.com/wordpress/wp-admin/edit-form.php
www.victim.com/wordpress/wp-includes/wp-db.php
www.victim.com/wordpress/wp-includes/kses.php
www.victim.com/wordpress/wp-includes/vars.php
www.victim.com/wordpress/wp-admin/menu.php
www.victim.com/wordpress/wp-settings.php
Confirmed in version 2.0.1. Other versions may also be affected.

Impact
A remote attacker could exploit this to learn installation paths on server.

References
Secunia SA19050
Product Homepage

View entire list of over 400 known Web Application Vulnerabilities and the specific technologies which they target. See Web Vulnerabilities in popular applications such as: WordPress, Tiki Wiki, PHPNuke, PHPMyAdmin, phpBB, Mambo, PHP-Fusion, Mantis, Invision Power Board

Get latest new web vulnerabilities via RSS