Description
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Arigato Autoresponder and Newsletter Multiple Vulnerabilities (2.5.1.6)
WordPress Plugin Download Shortcode Local File Inclusion (0.2.3)
WordPress Plugin Mobile Booster Security Bypass (1.0)
WordPress Plugin Backup Migration Information Disclosure (1.2.8)
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2018-14719)