Описание
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the ....\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 2.3.2-1ubuntu1 |
| edgy | ignored | end of life, was needed |
| feisty | not-affected | 2.1.3-1ubuntu1 |
| gutsy | not-affected | 2.2.2-1ubuntu1.1 |
| hardy | not-affected | 2.3.2-1ubuntu1 |
| intrepid | not-affected | 2.3.2-1ubuntu1 |
| jaunty | not-affected | 2.3.2-1ubuntu1 |
| karmic | not-affected | 2.3.2-1ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
5 Medium
CVSS2
Связанные уязвимости
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and e ...
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
5 Medium
CVSS2