CVE-2009-2432

WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
wordpresswordpress
𝑥
≤ 2.7.1
wordpresswordpress
0.6.2
wordpresswordpress
0.6.2:beta_2
wordpresswordpress
0.6.2.1
wordpresswordpress
0.6.2.1:beta_2
wordpresswordpress
0.7
wordpresswordpress
0.71
wordpresswordpress
0.71-gold
wordpresswordpress
0.72
wordpresswordpress
0.72:beta1
wordpresswordpress
0.72:beta2
wordpresswordpress
0.72:rc1
wordpresswordpress
0.711
wordpresswordpress
1.0
wordpresswordpress
1.0:rc1
wordpresswordpress
1.0:rc2
wordpresswordpress
1.0:rc3
wordpresswordpress
1.0:rc4
wordpresswordpress
1.0-platinum
wordpresswordpress
1.0.1
wordpresswordpress
1.0.1-miles
wordpresswordpress
1.0.2
wordpresswordpress
1.0.2-blakey
wordpresswordpress
1.2
wordpresswordpress
1.2:beta
wordpresswordpress
1.2-delta
wordpresswordpress
1.2-mingus
wordpresswordpress
1.2.1
wordpresswordpress
1.2.2
wordpresswordpress
1.3.1
wordpresswordpress
1.4
wordpresswordpress
1.5
wordpresswordpress
1.5-strayhorn
wordpresswordpress
1.5.1
wordpresswordpress
1.5.1.1
wordpresswordpress
1.5.1.2
wordpresswordpress
1.5.1.3
wordpresswordpress
1.5.2
wordpresswordpress
1.6
wordpresswordpress
2.0
wordpresswordpress
2.0.1
wordpresswordpress
2.0.2
wordpresswordpress
2.0.3
wordpresswordpress
2.0.4
wordpresswordpress
2.0.5
wordpresswordpress
2.0.6
wordpresswordpress
2.0.7
wordpresswordpress
2.0.8
wordpresswordpress
2.0.9
wordpresswordpress
2.0.10
wordpresswordpress
2.0.10_rc1:_rc1
wordpresswordpress
2.0.10_rc2:_rc2
wordpresswordpress
2.0.11
wordpresswordpress
2.1
wordpresswordpress
2.1:alpha_3
wordpresswordpress
2.1.1
wordpresswordpress
2.1.2
wordpresswordpress
2.1.3
wordpresswordpress
2.1.3_rc1:_rc1
wordpresswordpress
2.1.3_rc2:_rc2
wordpresswordpress
2.2
wordpresswordpress
2.2.0
wordpresswordpress
2.2.1
wordpresswordpress
2.2.2
wordpresswordpress
2.2.3
wordpresswordpress
2.2_revision5002:_revision5002
wordpresswordpress
2.2_revision5003:_revision5003
wordpresswordpress
2.3
wordpresswordpress
2.3:beta3
wordpresswordpress
2.3:rc1
wordpresswordpress
2.3.1
wordpresswordpress
2.3.1:rc1
wordpresswordpress
2.3.2
wordpresswordpress
2.3.3
wordpresswordpress
2.5
wordpresswordpress
2.5.1
wordpresswordpress
2.6
wordpresswordpress
2.6.1
wordpresswordpress
2.6.3
wordpresswordpress
2.6.5
wordpresswordpress_mu
𝑥
≤ 2.7
wordpresswordpress_mu
1.1
wordpresswordpress_mu
1.1.1
wordpresswordpress_mu
1.2
wordpresswordpress_mu
1.2.1
wordpresswordpress_mu
1.2.2
wordpresswordpress_mu
1.2.3
wordpresswordpress_mu
1.2.4
wordpresswordpress_mu
1.2.4:rc1
wordpresswordpress_mu
1.2.5a:a
wordpresswordpress_mu
1.3
wordpresswordpress_mu
1.3.1
wordpresswordpress_mu
1.3.2
wordpresswordpress_mu
1.3.3
wordpresswordpress_mu
1.5:rc1
wordpresswordpress_mu
1.5.1
wordpresswordpress_mu
2.6
wordpresswordpress_mu
2.6.1
wordpresswordpress_mu
2.6.2
wordpresswordpress_mu
2.6.3
wordpresswordpress_mu
2.6.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bullseye (security)
5.7.11+dfsg1-0+deb11u1
fixed
bullseye
5.7.11+dfsg1-0+deb11u1
fixed
bookworm
6.1.6+dfsg1-0+deb12u1
fixed
bookworm (security)
6.1.6+dfsg1-0+deb12u1
fixed
sid
6.6.1+dfsg1-1
fixed
trixie
6.6.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://securitytracker.com/id?1022528
http://www.osvdb.org/55717
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://www.vupen.com/english/advisories/2009/1833
https://exchange.xforce.ibmcloud.com/vulnerabilities/51734
http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
http://securitytracker.com/id?1022528
http://www.osvdb.org/55717
http://www.securityfocus.com/archive/1/504795/100/0/threaded
http://www.vupen.com/english/advisories/2009/1833
https://exchange.xforce.ibmcloud.com/vulnerabilities/51734