Lucene search

MitreCVE-2008-0194

HistoryJan 10, 2008 - 12:46 a.m.

CVE-2008-0194

2008-01-1000:46:00

CWE-22

mitre

web.nvd.nist.gov

cve-2008-0194

wordpress

directory traversal

vulnerability

remote attackers

arbitrary files

denial of service

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a … (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.

Affected configurations

Nvd

Node

wordpresswordpressRange≤2.0.3

VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress::::

Vendor	Product	Version	CPE
wordpress	wordpress		cpe:/a:wordpress:wordpress::::

References

lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html

secunia.com/advisories/29014

securityreason.com/securityalert/3539

securityvulns.ru/Sdocument755.html

websecurity.com.ua/1676/

www.debian.org/security/2008/dsa-1502

www.securityfocus.com/archive/1/485786/100/0/threaded

www.securityfocus.com/bid/27123

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Related for CVE-2008-0194