WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
References
Link | Resource |
---|---|
http://websecurity.com.ua/3665/ | Exploit |
http://www.securityfocus.com/archive/1/508071/100/0/threaded |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2009-12-02 10:30
Updated : 2018-10-10 12:48
NVD link : CVE-2009-4170
Mitre link : CVE-2009-4170
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
wordpress
- wordpress
roytanck
- wp-cumulus