oss-sec mailing list archives
Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
From: Milan Berger <m.berger () project-mindstorm net>
Date: Mon, 21 Jan 2013 12:42:31 +0100
Hi,
The issue can be seen only when PHP's display_errors is set to On. I have setup a default installation of wordpress 3.5 to display the issue. It can be accessed via the URL: http://blog.gilgalab.com.br/?s[]=1
this is a configuration error on your side, not on wordpress' one. -- Kind Regards Milan Berger Project-Mindstorm Technical Engineer --- project-mindstorm.net Fruehlingstrasse 4 90537 Feucht Germany Mob.: +49 176 22 98 76 02 https://www.ghcif.de http://www.nopaste.info (for sale) https://www.digital-bit.ch http://www.project-mindstorm.net twitter: http://twitter.com/twit4c
Current thread:
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability, (continued)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 20)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Giles Coochey (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henri Salo (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Henrique Montenegro (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 21)
- Whats worth a CVE? Scott Herbert (Jan 21)
- Re: Whats worth a CVE? Eitan Adler (Jan 21)
- Re: Whats worth a CVE? Kurt Seifried (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Agostino Sarubbo (Jan 21)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Kurt Seifried (Jan 20)
- Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability Milan Berger (Jan 21)