Description

WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.

Remediation

References

CVE-2006-3390

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37150)

Apache Traffic Server CVE-2015-5206 Vulnerability (CVE-2015-5206)

Squid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19131)

WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.1.9)

WordPress Plugin Welcart e-Commerce Multiple Vulnerabilities (1.3.12)

Severity

Medium

Classification

CVE-2006-3390

Tags

Missing Update Known Vulnerabilities