Lucene search

[email protected]CVE-2006-2667

HistoryMay 30, 2006 - 9:02 p.m.

CVE-2006-2667

2006-05-3021:02:00

[email protected]

web.nvd.nist.gov

cve

code injection

wordpress

security vulnerability

remote attack

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.128 Low

EPSS

Percentile

95.5%

JSON

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.

Affected configurations

NVD

Node

wordpresswordpressRange≤2.0.2

CPENameOperatorVersion
wordpress:wordpresswordpressle2.0.2

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	2.0.2

References

retrogod.altervista.org/wordpress_202_xpl.html

secunia.com/advisories/20271

secunia.com/advisories/20608

www.gentoo.org/security/en/glsa/glsa-200606-08.xml

www.osvdb.org/25777

www.securityfocus.com/archive/1/435039/100/0/threaded

www.securityfocus.com/bid/18372

www.vupen.com/english/advisories/2006/1992

exchange.xforce.ibmcloud.com/vulnerabilities/26687

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.128 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2006-2667

ubuntucve1 debiancve1 patchstack1 nvd1 prion1 cvelist1 openvas2 nessus1 gentoo1