Lucene search

RedhatCVELIST:CVE-2013-2203

HistoryJul 08, 2013 - 8:00 p.m.

CVE-2013-2203

2013-07-0820:00:00

redhat

www.cve.org

5.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

JSON

WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message.

References

codex.wordpress.org/Version_3.5.2

wordpress.org/news/2013/06/wordpress-3-5-2/

www.debian.org/security/2013/dsa-2718

bugzilla.redhat.com/show_bug.cgi?id=976784