5
CVSSv2

CVE-2008-0196

Published: 10/01/2008 Updated: 21/11/2024

Vulnerability Summary

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and previous versions allow remote malicious users to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote malicious users to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress

Exploits

Core Security Technologies Advisory - A vulnerability was found in the way that WordPress handles some URL requests This results in unprivileged users viewing the content of plugins configuration pages, and also in some plugins modifying plugin options and injecting JavaScript code Arbitrary native code may be run by a malicious attacker if the b ...