CVE-2007-0262 Information

Description

WordPress 2.0.6 and 2.1Alpha 3 (SVN:4662) does not properly verify that the m parameter value has the string data type which allows remote attackers to obtain sensitive information via an invalid m[] parameter as demonstrated by obtaining the path and obtaining certain SQL information such as the table prefix.

Reference

http://osvdb.org/33458 http://www.securityfocus.com/archive/1/456731/100/0/threaded