漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system.
WordPress could allow a remote attacker to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
Affected Versions:
WordPress 2.9.2 and 3.0.4
QID Detection Logic:
This unauthenticated QID launches a HTTP GET request to the WordPress directories and reviews the target's response.
漏洞危害
An unauthenticated, remote attacker could exploit this vulnerability to gain access to sensitive information and launch further attacks against the affected system.
解决方案
Customers are advised to install WordPress 3.0.5 or later versions to remediate the vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论