mailing list archives
Re: TWSL2012-002: Multiple Vulnerabilities in WordPress
From: Henri Salo <henri () nerv fi>
Date: Thu, 26 Jan 2012 15:21:04 +0200
On Wed, Jan 25, 2012 at 04:13:12PM +0000, Benji wrote:
Yes it does.
wp-admin/setup-config.php?step=1 on any wp install where it exists gives
The file 'wp-config.php' already exists one level above your WordPress
installation. If you need to reset any of the configuration items in this
file, please delete it first.
Yes this is correct information at least with new versions of WordPress. We are running pretty big Linux-server in our
organization and I can tell you that open "install me" -pages are very common and I see these as problem.
I can try to find out what went wrong with the installation or did they remove the WordPress-installation and didn't
understand to remove everything included. I really hope to see this patched anyways just to be sure. I don't know what
the actual impact in user-experience can be. Could WordPress comment?
- Henri Salo
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/