Published: 16/01/2007 Updated: 16/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

WordPress 2.0.6 and 2.1Alpha 3 (SVN:4662) do not properly verify that the m parameter value has the string data type, which allows remote malicious users to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path and certain SQL information such as the table prefix.

Affected Products

Vendor | Product | Versions
Wordpress | Wordpress | 2.0.6, 2.1

Vendor Advisories

Debian Bug report logs - #407289
CVE-2007-0262: wordpress: Full Path disclosure and disclosure of Table Prefix Weakness
Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress
Reported by: Alex de Oliveira Silva <enerv@hostsk>
Date: ...