WordPress <= 2.3.3 'index.php' Arbitrary File Access
Severity: Medium
Nessus Network Monitor Plugin ID: 4482
Synopsis: The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
Description: The version of WordPress installed on the remote host is vulnerable to a directory traversal attack. An attacker exploiting this flaw would send malformed data to the 'cat' parameter of the 'index.php' script. Successful exploitation would result in the attacker gaining access to confidential files on the target server.
Solution: Upgrade to WordPress 2.5 or higher.