aschmoe
commented
8 years ago The nonce-lock is active on wp and drupal, so every potential error returned from CMS should be -1 unless actually inside the CMS
Closed jlyon closed 7 years ago
aschmoe
commented
8 years ago The nonce-lock is active on wp and drupal, so every potential error returned from CMS should be -1 unless actually inside the CMS
3) Full Path Disclosures in their WordPress agent. The Wordpress agent php scripts do not properly validate whether they're being executed from the Wordpress administrative panel, and thus, calls to non-existence functions raises a PHP exception. Within this PHP exception contains a full path disclosure of target system.