Description
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Cross-Site Scripting (7.0 - 7.69)
Apache HTTP Server Other Vulnerability (CVE-2004-0942)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5341)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459)
Undertow Missing Authorization Vulnerability (CVE-2019-10184)