[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
- To: full-disclosure@xxxxxxxxxxxxxxxxx, Julius Kivimäki <julius.kivimaki@xxxxxxxxx>
- Subject: Re: [Full-disclosure] TWSL2012-002: Multiple Vulnerabilities in WordPress
- From: Henri Salo <henri@xxxxxxx>
- Date: Thu, 26 Jan 2012 15:21:04 +0200
On Wed, Jan 25, 2012 at 04:13:12PM +0000, Benji wrote:
> Yes it does.
>
> wp-admin/setup-config.php?step=1 on any wp install where it exists gives
> this:
>
> The file 'wp-config.php' already exists one level above your WordPress
> installation. If you need to reset any of the configuration items in this
> file, please delete it first.
Yes this is correct information at least with new versions of WordPress. We are
running pretty big Linux-server in our organization and I can tell you that
open "install me" -pages are very common and I see these as problem.
I can try to find out what went wrong with the installation or did they remove
the WordPress-installation and didn't understand to remove everything included.
I really hope to see this patched anyways just to be sure. I don't know what
the actual impact in user-experience can be. Could WordPress comment?
- Henri Salo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/