Description

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

Remediation

References

CVE-2005-1688

Related Vulnerabilities

WebLogic CVE-2019-2395 Vulnerability (CVE-2019-2395)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-19849)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6635)

WordPress Plugin HandL UTM Grabber Security Bypass (2.6.4)

WordPress Plugin FV Flowplayer Video Player Multiple Vulnerabilities (7.3.14.727)

Severity

Medium

Classification

CVE-2005-1688

Tags

Missing Update Known Vulnerabilities