Description

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

Remediation

References

CVE-2008-0195

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19994)

e107 Other Vulnerability (CVE-2005-2327)

WordPress Plugin WordPress Download Manager Unspecified Vulnerability (2.9.96)

Apache Tomcat CVE-2023-34981 Vulnerability (CVE-2023-34981)

Oracle Application Server Other Vulnerability (CVE-2006-5354)

Severity

Medium

Classification

CVE-2008-0195 CWE-200

Tags

Missing Update Known Vulnerabilities