CVE-2006-4743 Information

Description

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php (2) akismet.php (3) archive.php (4) archives.php (5) attachment.php (6) blogger.php (7) comments.php (8) comments-popup.php (9) dotclear.php (10) footer.php (11) functions.php (12) header.php (13) hello.php (14) wp-content/themes/default/index.php (15) links.php (16) livejournal.php (17) mt.php (18) page.php (19) rss.php (20) searchform.php (21) search.php (22) sidebar.php (23) single.php (24) textpattern.php (25) upgrade-functions.php (26) upgrade-schema.php or (27) wp-db-backup.php which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report stating that version 2.0.5 does not exist. NOTE: the admin-footer.php admin-functions.php default-filters.php edit-form-advanced.php edit-link-form.php edit-page-form.php kses.php locale.php rss-functions.php template-loader.php and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php vars.php and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.

Reference

http://www.securityfocus.com/archive/1/445374/100/0/threaded http://www.securityfocus.com/archive/1/445471/100/0/threaded http://www.securityfocus.com/archive/1/445604/100/0/threaded http://www.securityfocus.com/archive/1/445711/100/0/threaded