CVE-2009-4170 Information

Description

WP-Cumulus Plug-in 1.20 for WordPress and possibly other versions allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php probably without parameters which reveals the installation path in an error message.

Reference

http://websecurity.com.ua/3665/ http://www.securityfocus.com/archive/1/508071/100/0/threaded