CVE-2008-0196 (WordPress) |
|
| BugsAlert Home > CVE-2008-0196 (WordPress) | |
|
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0196 Learn more about CVE-2008-0196 (WordPress) |
|
| Tags: cve-2008-0196 wordpress | |
Related Items |
|
|
CVE-2007-6220 (Typespeed)
|
|
|
CVE-2008-4241 (ultra_plus)
|
|
|
AuraCMS "pages_data.php" Manipulation of Data
|
|
|
CVE-2008-0649 (Astanda Directory Project)
|
|
|
CVE-2008-4370 (availscript_photo_album)
|
|
|
TROJ_DLOADER.QKO
|
|
|
ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities
|
|
