cve/2009/CVE-2009-2432.md

CVE-2009-2432

Description

WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.

POC

Reference

• http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked

Github

• https://github.com/20142995/nuclei-templates