Description

WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.

Remediation

References

CVE-2008-0191

Related Vulnerabilities

WordPress Plugin WP-Filebase Download Manager Multiple Unspecified Vulnerabilities (0.2.9.24)

Envoy Proxy Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-12604)

WordPress Plugin Thrive Apprentice Security Bypass (2.3.9.3)

WordPress Plugin Page Builder by SiteOrigin Cross-Site Scripting (2.0.4)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2506)

Severity

Medium

Classification

CVE-2008-0191 CWE-200

Tags

Missing Update Known Vulnerabilities