Re: CVE Request - Wordpress 3.5 Full-path disclosure vulnerability
From: Henri Salo <henri () nerv fi>
Date: Mon, 21 Jan 2013 16:00:19 +0200
On Mon, Jan 21, 2013 at 11:29:45AM +0000, Giles Coochey wrote:
> Wouldn't setting PHP "display_errors" be for development only, the
> entire point of the directive is to give the developer more
> information 'in page'.
> "This is a feature to support your development and should never be
> used on production systems (e.g. systems connected to the

You are correct. No CVE, but WordPress should still fix this. Please note that
some configuration errors still get a CVE, but this is not one of those in my
opinion/knowledge. Path disclosures are usually low-priority issues.