Description
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1)
WordPress Plugin Polldaddy Polls & Ratings Unspecified Vulnerability (2.0.25)
WordPress Plugin Team Showcase Multiple Vulnerabilities (1.22.15)
WordPress Plugin WP Maintenance Mode & Site Under Construction Cross-Site Request Forgery (1.8.2)