Lucene search

[email protected]CVE-2013-2203

HistoryJul 08, 2013 - 8:55 p.m.

CVE-2013-2203

2013-07-0820:55:01

CWE-264

[email protected]

web.nvd.nist.gov

wordpress

info disclosure

cve-2013-2203

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.3%

JSON

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.

Affected configurations

NVD

Node

wordpresswordpressRange≤3.5.1

wordpresswordpressMatch0.71

wordpresswordpressMatch1.0

wordpresswordpressMatch1.0.1

wordpresswordpressMatch1.0.2

wordpresswordpressMatch1.1.1

wordpresswordpressMatch1.2

wordpresswordpressMatch1.2.1

wordpresswordpressMatch1.2.2

wordpresswordpressMatch1.2.3

wordpresswordpressMatch1.2.4

wordpresswordpressMatch1.2.5

wordpresswordpressMatch1.2.5a

wordpresswordpressMatch1.3

wordpresswordpressMatch1.3.2

wordpresswordpressMatch1.3.3

wordpresswordpressMatch1.5

wordpresswordpressMatch1.5.1

wordpresswordpressMatch1.5.1.1

wordpresswordpressMatch1.5.1.2

wordpresswordpressMatch1.5.1.3

wordpresswordpressMatch1.5.2

wordpresswordpressMatch1.6.2

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.2

wordpresswordpressMatch2.0.4

wordpresswordpressMatch2.0.5

wordpresswordpressMatch2.0.6

wordpresswordpressMatch2.0.7

wordpresswordpressMatch2.0.8

wordpresswordpressMatch2.0.9

wordpresswordpressMatch2.0.10

wordpresswordpressMatch2.0.11

wordpresswordpressMatch2.1

wordpresswordpressMatch2.1.1

wordpresswordpressMatch2.1.2

wordpresswordpressMatch2.1.3

wordpresswordpressMatch2.2

wordpresswordpressMatch2.2.1

wordpresswordpressMatch2.2.2

wordpresswordpressMatch2.2.3

wordpresswordpressMatch2.3

wordpresswordpressMatch2.3.1

wordpresswordpressMatch2.3.2

wordpresswordpressMatch2.3.3

wordpresswordpressMatch2.5

wordpresswordpressMatch2.5.1

wordpresswordpressMatch2.6

wordpresswordpressMatch2.6.1

wordpresswordpressMatch2.6.2

wordpresswordpressMatch2.6.3

wordpresswordpressMatch2.6.5

wordpresswordpressMatch2.7

wordpresswordpressMatch2.7.1

wordpresswordpressMatch2.8

wordpresswordpressMatch2.8.1

wordpresswordpressMatch2.8.2

wordpresswordpressMatch2.8.3

wordpresswordpressMatch2.8.4

wordpresswordpressMatch2.8.4a

wordpresswordpressMatch2.8.5

wordpresswordpressMatch2.8.5.1

wordpresswordpressMatch2.8.5.2

wordpresswordpressMatch2.8.6

wordpresswordpressMatch2.9

wordpresswordpressMatch2.9.1

wordpresswordpressMatch2.9.1.1

wordpresswordpressMatch2.9.2

wordpresswordpressMatch3.3

wordpresswordpressMatch3.3.1

wordpresswordpressMatch3.3.2

wordpresswordpressMatch3.3.3

wordpresswordpressMatch3.4.0

wordpresswordpressMatch3.4.1

wordpresswordpressMatch3.4.2

wordpresswordpressMatch3.5.0

CPENameOperatorVersion
wordpress:wordpresswordpressle3.5.1
wordpress:wordpresswordpresseq0.71
wordpress:wordpresswordpresseq1.0
wordpress:wordpresswordpresseq1.0.1
wordpress:wordpresswordpresseq1.0.2
wordpress:wordpresswordpresseq1.1.1
wordpress:wordpresswordpresseq1.2
wordpress:wordpresswordpresseq1.2.1
wordpress:wordpresswordpresseq1.2.2
wordpress:wordpresswordpresseq1.2.3

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	3.5.1
wordpress:wordpress	wordpress	eq	0.71
wordpress:wordpress	wordpress	eq	1.0
wordpress:wordpress	wordpress	eq	1.0.1
wordpress:wordpress	wordpress	eq	1.0.2
wordpress:wordpress	wordpress	eq	1.1.1
wordpress:wordpress	wordpress	eq	1.2
wordpress:wordpress	wordpress	eq	1.2.1
wordpress:wordpress	wordpress	eq	1.2.2
wordpress:wordpress	wordpress	eq	1.2.3