CVE-2009-4170
WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message.
Date published : 2009-12-02
http://www.securityfocus.com/archive/1/508071/100/0/threaded