Description
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2)
WordPress Plugin Booked-Appointment Booking for WordPress Security Bypass (2.2.5)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10081)