Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
From: Giles Coochey <giles () coochey net>
Date: Mon, 21 Jan 2013 11:29:45 +0000
On 21/01/2013 10:59, Henrique Montenegro wrote:
Wouldn't setting PHP "display_errors" be for development only, the
entire point of the directive is to give the developer more information
The issue can be seen only when PHP's display_errors is set to On.
I have set up a default installation of WordPress 3.5 to display the issue.
It can be accessed via the URL: http://blog.gilgalab.com.br/?s=1
"This is a feature to support your development and should never be used
on production systems (e.g. systems connected to the internet)."