Package: wordpress Version: 2.5.1-7 Severity: important Tags: security The file as found in 2.5.1-7 takes the HTTP_HOST and uses it to find the config-<host>.php file to include.
This routine is prone to attacks by a local user via a especially crafted Host header. Feel free to increase the severity. Cheers, -- Atomo64 - Raphael Please avoid sending me Word, PowerPoint or Excel attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
signature.asc
Description: This is a digitally signed message part.
